LexisNexis Risk Solutions has finally notified over 360,000 individuals of a data breach discovered on April 1, 2025, stemming from unauthorized access to a third-party development platform on December 25, 2024. The compromised data includes names, phone numbers, emails, Social Security numbers, driver's license numbers, and dates of birth.

In response, LexisNexis is offering two years of free identity protection and credit monitoring, including daily monitoring, identity restoration, and up to $1 million in identity theft insurance. The company is urging affected individuals to stay vigilant and monitor their accounts. While no lawsuits have been filed yet, the incident is being closely watched for potential class action litigation.

The breach is part of a broader trend, following recent large-scale incidents like Yale New Haven Health’s breach affecting 5.5 million patients. These incidents underscore the critical importance of implementing stronger network security measures, particularly when working with third-party platforms. The unauthorized access to a development environment highlights a common but dangerous blind spot in enterprise cybersecurity — insufficient oversight of integrations. The breach exposed sensitive personal data, including Social Security and driver’s license numbers, showing how even indirect access points can be exploited by attackers. Without sufficient safeguards, organizations remain vulnerable to breaches that can erode public trust, trigger regulatory scrutiny, and result in significant financial and reputational damage. Read more about this story on our LinkedIn page