Impact & Downstream Threats
This breach carries moderate risk due to the nature of exposed data fields and the scale of affected records.
- Targeted phishing campaigns using exposed email addresses
Breach Intelligence
Executive Summary
LexisNexis confirmed a data breach involving legacy information after a threat actor known as FULCRUMSEC leaked 2 GB of files on a cybercriminal forum. The incident targeted the company’s AWS infrastructure, with the attacker claiming to have exploited a vulnerability known as React2Shell in an unpatched React frontend application. While LexisNexis stated the compromised servers primarily contained deprecated data from prior to 2020, the leak reportedly includes the personal information of approximately 400,000 individuals.,
, The exposed dataset includes full names, phone numbers, email addresses, and business contact details. The breach allegedly affects over 100 users with official government email addresses, including federal judges, Department of Justice attorneys, and staff from the Securities and Exchange Commission. Although LexisNexis maintained that sensitive identifiers like Social Security numbers or financial data were not involved, the threat actor claims the exfiltrated files contain AWS secrets, API keys, and cleartext passwords within IT support tickets. This incident follows a 2025 breach involving the company’s Risk Solutions division, highlighting persistent security challenges for major data providers.,
About LexisNexis
Legal, regulatory, and analytics information services company.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 16K records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In March 2026, LexisNexis experienced a data breach that exposed approximately 16K records containing personal information.
The exposed data includes fields such as email address.
Approximately 16K records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of LexisNexis
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam