LexisNexis Risk Solutions (LNRS), a major data broker, has revealed a data breach that occurred late last year. Although this incident affects fewer individuals compared to other significant breaches—like the DISA breach, which compromised information from 3.3 million people—it highlights persistent concerns regarding the handling and monetization of user data by companies.

Per reports from TechCrunch, LexisNexis utilizes consumer personal and financial information to assist businesses in evaluating potential clients and preventing fraudulent activities. For instance, LexisNexis provides driving data gathered by car manufacturers to insurance companies for premium calculations, while law enforcement agencies access information on suspects from LexisNexis. It is noteworthy that LexisNexis Risk Solutions operates under the umbrella of the parent company that includes the data analytics and research entity LexisNexis.

This breach has compromised information related to 364,333 individuals, and there are indications of a potential class action lawsuit emerging from this incident. Here’s a closer look at the details.

According to the official statement released to the Maine attorney general’s office, the breach occurred on December 25, 2024, but it wasn’t detected until May 14, 2025. A third-party platform utilized by LexisNexis experienced a cyber breach, leading to the exposure of sensitive details that may include:

• Name
• Phone Number
• Mailing Address
• Email Address
• Social Security Number
• Driver’s License Number
• Date of Birth

In a notification addressed to those impacted, LexisNexis reassured that financial or credit card information was not exposed, and no evident misuse of the disclosed data has been reported thus far. Additional specifics about the breach have been limited, with confirmation that the company’s internal systems were not compromised.

On May 24, LexisNexis dispatched notifications to individuals whose data may have been breached. Therefore, it is crucial not to discard any correspondence received from LexisNexis Risk Solutions. The company is providing 24 months of identity theft protection and credit monitoring services through Experian IdentityWorks, and enrollment must be completed online by August 31, 2025, using the activation code shared in the notification.

Individuals affected by this breach may also express their interest in participating in a class action lawsuit against LexisNexis, in collaboration with the Oklahoma-based firm Abington Cole + Ellery. Interested parties can submit an online form to be considered as potential class representatives, which should include their name, contact details, and their relationship to the breach.

Moreover, regardless of participation in the class action, monitoring for indicators of identity theft is highly recommended. Regularly reviewing your credit report—available for free weekly—and keeping tabs on financial accounts for unauthorized activities are essential steps. Other protective measures include freezing your credit, setting up a fraud alert, and implementing strategies to secure your Social Security number from potential misuse.