Data broker LexisNexis Risk Solutions (LNRS) has just disclosed a data breach that occurred at the end of last year, and while it doesn’t affect as many individuals as other recent high profile incidents—such as the DISA hack that included 3.3 million people’s information—it underscores the ever-present concerns with companies collecting (and profiting off of) user data.
As TechCrunch reports, LexisNexis Risk Solutions uses consumers’ personal and financial information to help corporations conduct risk assessments on prospective customers and detect fraudulent transactions. For example, LexisNexis sold data on vehicle driving habits collected by car manufacturers to insurance companies to set premiums, while law enforcement agencies pull data from LexisNexis about suspects. (LexisNexis Risk Solutions is a subsidiary of the same corporation that owns data analytics and research firm LexisNexis.)
The LexisNexis hack compromised data collected on 364,333 individuals, and there’s a potential class action lawsuit brewing over the incident. Here’s what you need to know.
What happened with LexisNexis?
According to the company’s filing with the Maine attorney general’s office, a data breach took place on December 25, 2024 but wasn’t discovered until May 14, 2025. A third-party platform used by LexisNexis was hacked, compromising information that may include the following:
Name
Phone number
Mailing address
Email address
Social Security number
Driver’s license number
Date of birth
In a letter to affected individuals, LexisNexis states that no financial or credit card information was included in the breach, nor has any data been obviously misused (so far). Few additional details about the incident have been disclosed, other than that none of the company’s own networks or systems were hacked.
What do you think so far?
What consumers need to do
LexisNexis sent a notice dated May 24 to consumers whose data may have been compromised, so if you receive a letter from LexisNexis Risk Solutions, don’t throw it out. The company is offering 24 months of identity protection and credit monitoring services through Experian IdentityWorks, and you must enroll online by August 31, 2025 using the activation code provided in your notice.
Affected individuals can also indicate their interest in joining a class action lawsuit against LexisNexis through Oklahoma-based firm Abington Cole + Ellery. If you want to volunteer to be considered as a class representative, fill out the online form with your name, contact information, and connection to the breach.
Finally, even if you don’t plan to join the class action suit, you should keep an eye out for signs of identity theft. Check your credit report—which you can request for free on a weekly basis—and monitor your accounts for any unauthorized activity. You can also freeze your credit, place a fraud alert, and take other steps to secure your Social Security number so no one can open accounts or take out debt in your name.