In May, LexisNexis Risk Solutions began notifying people that their personal information might have been exposed during a data breach that actually happened months earlier. These types of cybersecurity attacks are quite common nowadays, and although companies try their best to ensure that personal data is secured, hackers are getting better at dismantling these protections and performing data breaches. The estimated data of 360.000 people was compromised and now LexisNexis may be facing a class action lawsuit to compensate their victims.
LexisNexis Risk Solutions is a service that helps companies make better decisions, stay compliant, reduce risk and improve operations thanks to the use of technology. They also “help detect and prevent online fraud and money laundering and deliver actionable insights to insurance companies and healthcare networks”. Considering all that they do for other companies the fact that they themselves fell prey to an attack of this magnitude is surprising, but it goes to show that nowadays no one is safe.
The LexisNexis Risk Solutions data breach and class action suit
The original breach occurred on December 25, 2024, but it was not discovered until April 1, 2025, when the company found that someone got unauthorized access to data through a third-party platform they use for software development. This was good news for the company and their client roster, as their own internal systems remained safe and none of the personal data that they have vowed to guard was compromised.
Having said that, the type of information accessed through the third part was still sensitive information like names, phone numbers, email addresses, Social Security numbers, driver’s license numbers, and dates of birth. Luckily LexisNexis was able to confirm that financial data like credit card numbers was not accessed as part of the breach and that none of the accessed information has been misused in any other way.
Since discovering the breach, the company has been quite proactive in ensuring that all affected get the help they need to protect their accounts and secure their data once again, even though once it is out there, it is quite hard to rein it back in. For now, they are offering free help to anyone affected and they have partnered with Experian to provide two years of credit monitoring and identity protection through the IdentityWorks program. That package includes daily credit report tracking, identity theft recovery support, and coverage up to $1 million if someone ends up being a victim of identity theft.
Despite their help, the most important thing anyone can do is to remain vigilant by monitoring account statements and credit reports for any unauthorized activity. Preemptively freezing credit to ensure that no one can make big financial moves without approval is also a good idea and it is free (and everyone should do it regardless of their involvement in a data breach).
Given the severity of the circumstances, it may be surprising to some but a class action lawsuit has not been filed as of right now. The fact that the affected individuals have not had any immediate ramifications due to the breach as well as the measures that LexisNexis is taking to further offer protections may have something to do with the lack of litigious action, but there is still time for affected individuals to make a claim should they believe that their data has been compromised further.
In the meantime, LexisNexis has also provided victims with a dedicated phone line for anyone that has questions or needs help with the process: 1-833-918-9002, available Monday through Friday from 9 a.m. to 9 p.m. ET. This does not mean that you can stop being vigilant, especially if the data breach has affected your data, on the contrary, now is the time to protect yourself even more.