LexisNexis Data Breach so Serious It Could Lead to Class Action Lawsuit
Data broker LexisNexis Risk Solutions (LNRS) just reported a data breach that occurred late last year. While it didn’t affect as many people as other recent high-profile incidents, like the DISA breach that saw the data of 3.3 million people stolen, it highlights ongoing concerns about companies harvesting (and profiting from) user data.
As TechCrunch reports , LexisNexis Risk Solutions uses consumers’ personal and financial information to help corporations conduct risk assessments on potential customers and identify fraudulent transactions. For example, LexisNexis has sold data on vehicle driving habits collected by automakers to insurance companies to set premiums, while law enforcement agencies mine data from LexisNexis on suspects. (LexisNexis Risk Solutions is a subsidiary of the same corporation that owns the analytics and research firm LexisNexis.)
The LexisNexis hack compromised data collected on 364,333 individuals, and a potential class action lawsuit is brewing over the incident. Here’s what you need to know.
What happened to LexisNexis?
According to the company’s filing with the Maine Attorney General’s Office , the data breach occurred on December 25, 2024, but was not discovered until May 14, 2025. A third-party platform used by LexisNexis was hacked, resulting in compromised information that may include the following:
-
Name
-
Phone number
-
Postal address
-
Email address
-
Social Security number
-
Driver’s license number
-
Date of birth
In a letter to affected individuals, LexisNexis said no financial or credit information was included in the breach, and no data was clearly misused (yet). Few additional details about the incident were released, other than that none of the company’s own networks or systems were compromised.
What consumers need to do
LexisNexis sent a notice on May 24 to consumers whose data may have been compromised, so if you received a letter from LexisNexis Risk Solutions, don’t throw it away. The company offers 24 months of identity protection and credit monitoring services through Experian IdentityWorks, and you mustregister online by August 31, 2025, using the activation code included in your notice.
Aggrieved individuals may also express their interest in joining the class action lawsuit against LexisNexis through the Oklahoma firm Abington Cole + Ellery. If you would like to volunteer to serve as a class representative, please complete the online form with your name, contact information, and connection to the violation.
Finally, even if you don’t plan to join a class action lawsuit, you should watch for signs of identity theft. Check your credit report, which you can request for free weekly, and monitor your accounts for any unauthorized activity. You can also freeze your credit , place a fraud alert, and take other steps to protect your Social Security number so that no one can open accounts or take out loans in your name.