Severe LexisNexis Data Breach Could Spark Class-Action Lawsuit

LexisNexis Risk Solutions, a data broker, recently revealed a data breach that occurred in December of the prior year. While not affecting as many people as some other prominent data breaches, like the DISA hack, which exposed data from 3.3 million individuals, this incident highlights ongoing concerns regarding companies collecting and profiting from user data. LexisNexis Risk Solutions specializes in using personal and financial information obtained from consumers to help companies conduct risk assessments on potential customers and identify fraudulent activities. For instance, data collected on vehicle driving behaviors from car manufacturers is sold to insurance companies for premium calculations, and law enforcement agencies access information from LexisNexis about suspects.

The breach at LexisNexis impacted over 364,000 individuals by exposing sensitive information, including Social Security numbers. The incident has raised the prospect of a class-action lawsuit being initiated. The breach incident came to light following a filing by the company with the Maine attorney general’s office, revealing that a breach had occurred on Christmas Day in 2024 but was not detected until mid-May in 2025. The breach, which originated from a third-party platform used by LexisNexis, potentially compromised details such as names, phone numbers, addresses, email addresses, driver’s license numbers, dates of birth, and Social Security numbers. Fortunately, no financial or credit card information was affected, and there have been no immediate signs of misuse of the breached data.

In an effort to mitigate the consequences of the breach, LexisNexis has reached out to impacted individuals with a notification sent on May 24. Recipients of the notice are advised not to disregard it and instead take action by enrolling in the 24-month identity protection and credit monitoring services offered through Experian IdentityWorks. To avail of these services, individuals must complete the online enrollment process by August 31, 2025, using the activation code included in the notification. Furthermore, those affected have the option to express their interest in participating in a class-action lawsuit against LexisNexis by engaging with the Oklahoma-based firm Abington Cole + Ellery. Submission of details through an online form, including name, contact information, and association with the breach, enables individuals to volunteer as potential class representatives.

Even for those not intending to join the legal proceedings, it is crucial to remain vigilant against potential identity theft. Monitoring your credit report regularly, scrutinizing account activities for any unauthorized transactions, and safeguarding your Social Security number are essential precautions to prevent fraudulent activities in your name. Employing measures like freezing your credit and setting up fraud alerts can further enhance the security of your personal information. This breach underscores the critical need for individuals to stay proactive in protecting their sensitive data from the threat of cyber incidents.