Ethical Hacking News
LexisNexis Legal & Professional has confirmed a data breach that affected its customer records, with the cybercrime crew Fulcrumsec claiming responsibility for the hack. The incident reveals the scope of impact on customer information and highlights the importance of cybersecurity for organizations handling sensitive data.
LexisNexis reported a data breach affecting its customer records. Fulcrumsec claimed responsibility for the hack, exploiting a vulnerable React2Shell vulnerability. The data dump is over 2 GB in size and contains customer information such as names, emails, and phone numbers. The breach did not include sensitive personally identifiable information (PII) like Social Security numbers. LexisNexis contained the breach and is investigating and implementing containment and remediation steps. The company has implemented measures to prevent similar incidents in the future.
LexisNexis Legal & Professional has confirmed a data breach that affected its customer records, according to an investigation by The Register. The incident occurred days after the cybercrime crew Fulcrumsec claimed responsibility for the hack.
Fulcrumsec announced in a statement that it had exfiltrated files from a LexisNexis AWS instance, exploiting a vulnerable React2Shell vulnerability. The data dump is reportedly over 2 GB in size and contains a significant amount of customer information, including names, emails, phone numbers, cloud user profiles, and more than 118 records related to US government staff.
The breach was not limited to sensitive personally identifiable information (PII), as it did not include Social Security numbers, driver's license numbers, credit card or bank account details, active passwords, customer search queries, client or matter information, or customer contracts. However, the cybercrime crew claims that they stole data related to government agencies, insurance companies, law firms, and universities.
The investigation found that only a limited number of servers were accessed, with the majority of the stored data being "legacy, deprecated data from prior to 2020." The data breach has been contained, and LexisNexis is continuing to investigate and implement containment and remediation steps in coordination with an expert cybersecurity forensic firm.
In response to the incident, LexisNexis said it takes its responsibility to safeguard customer information "extremely seriously" and informed impacted current and previous customers of the matter. The company has also implemented measures to prevent similar incidents in the future.
The breach highlights the importance of cybersecurity for organizations handling sensitive customer data. As the threat landscape continues to evolve, companies must prioritize robust security measures and stay vigilant against emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/LexisNexis-Confirms-Data-Breach-Reveals-Scope-of-Impact-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/03/04/lexisnexis_legal_professional_confirms_data/
https://www.theregister.com/2026/03/04/lexisnexis_legal_professional_confirms_data/
https://cybernews.com/security/lexisnexis-breach-400k-users-gov-accounts-aws/
Published: Wed Mar 4 10:32:23 2026 by llama3.2 3B Q4_K_M
