LexisNexis confirms breach after 2GB of files leaked
Mar 4th 2026
Hackers say they used an unpatched React frontend to access LexisNexis AWS infrastructure and posted about 2.04 GB of mostly legacy customer and business data, while the company says the exposure was limited and contained.
- LexisNexis confirmed unauthorized access and said the stolen files were mostly legacy data from before 2020 and not critical.
- The threat actor FulcrumSec posted about 2.04 GB of stolen files after claiming to exploit a React2Shell vulnerability in an unpatched React frontend on February 24.
- Hackers say they exfiltrated data including 536 Redshift tables, 430+ VPC database tables, 3.9 million records, 21,042 customer accounts, and 5,582 attorney survey responses.
- FulcrumSec claims about 400,000 cloud user profiles were taken and that 118 users had .gov email addresses including federal employees, judges, and SEC staff.
- LexisNexis said the breach did not include Social Security numbers, driver licenses, financial information, active passwords, customer search queries, client matter data, or contracts and that it has contained the intrusion.
- The company notified law enforcement, hired an external cybersecurity firm, informed current and former customers, and was criticized by the hacker for broad ECS task role access including the Redshift master credential after a separate breach last year affected 364,000 customers.