LexisNexis Vendor Cyber Rating & Cyber Score

lexisnexis.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

LexisNexis is a leading innovator of private, secure, and authoritative Legal AI solutions that help legal and business professionals draft full documents with ease, make informed decisions faster, and deliver outstanding work and improved outcomes, all powered by trusted content. LexisNexis Legal & Professional serves customers in more than 150 countries with 11,800 employees worldwide, and is part of RELX, a global provider of information-based analytics and decision tools for professional and business customers.

LexisNexis A.I CyberSecurity Scoring

LexisNexis

Company Details

Linkedin ID:

lexisnexis

Website:

https://www.lexisnexis.com/en-us/about-us/about-us.page

Employees number:

10,705

Number of followers:

391,074

NAICS:

5415

Industry Type:

IT Services and IT Consulting

Homepage:

lexisnexis.com

IP Addresses:

Scan still pending

Company ID:

LEX_4725814

Scan Status:

In-progress

AI scoreLexisNexis Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/lexisnexis.jpeg
LexisNexis IT Services and IT Consulting
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreLexisNexis Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/lexisnexis.jpeg
LexisNexis IT Services and IT Consulting
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

LexisNexis

Critical
Current Score
512
C (Critical)
01000
5 incidents
-48.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

MARCH 2026
586
Breach
03 Mar 2026 • RELX Group and LexisNexis Legal & Professional: LexisNexis Data Breach — Threat Actor Allegedly Claims 2.04 GB Stolen
FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data

**FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data** On March 3, 2026, the threat actor **FulcrumSec** publicly took responsibility for a breach of **LexisNexis Legal & Professional**, a division of RELX Group, alleging the theft of **2.04 GB of structured data** from the company’s **AWS cloud infrastructure**. The attack, which began on **February 24**, exploited the **React2Shell vulnerability** in an unpatched **React frontend application** a flaw reportedly left unaddressed for months. FulcrumSec gained access via the compromised **LawfirmsStoreECSTaskRole ECS task container**, which had broad permissions, including read access to: - **Production Redshift data warehouse** - **17 VPC databases** - **AWS Secrets Manager** - **Qualtrics survey platform** The actor criticized LexisNexis’s security practices, highlighting that the **RDS master password was set to "Lexis1234"** and that a single task role had access to **all AWS Secrets Manager entries**, including production database credentials. **Exposed Data Includes:** - **3.9 million database records** - **400,000 cloud user profiles** (names, emails, phone numbers, job functions) - **21,042 enterprise customer accounts** - **45 employee password hashes** - **118 .gov email accounts** (federal judges, DOJ attorneys, U.S. SEC staff, and court law clerks) - **53 plaintext AWS Secrets Manager secrets** - **Complete VPC infrastructure map** FulcrumSec clarified that this breach is **unrelated to the December 2024 GitHub incident**, where attackers stole **Social Security numbers of 364,000 individuals** via a third-party development platform. The repeated compromises raise concerns about **systemic security gaps** in one of the world’s largest legal data repositories.

508
critical -78
RELLEX1772562253
Incident Details -
Type
Data Breach
Attack Vector
Exploitation of unpatched vulnerability (React2Shell)
Vulnerability Exploited
React2Shell vulnerability in React frontend application
Impact
Data Compromised: 2.04 GB of structured data AWS cloud infrastructure Production Redshift data warehouse 17 VPC databases AWS Secrets Manager Qualtrics survey platform Brand Reputation Impact: Systemic security gaps concerns Identity Theft Risk: High (exposure of PII, .gov email accounts, and password hashes)
Data Breach
Database records Cloud user profiles Enterprise customer accounts Employee password hashes Government email accounts AWS Secrets Manager secrets VPC infrastructure map Number Of Records Exposed: 3.9 million database records, 400,000 cloud user profiles Sensitivity Of Data: High (PII, .gov accounts, plaintext secrets, password hashes) Data Exfiltration: 2.04 GB of data stolen Personally Identifiable Information: Names, emails, phone numbers, job functions, .gov email accounts
Initial Access Broker
Entry Point: LawfirmsStoreECSTaskRole ECS task container
Post Incident Analysis
Unpatched React2Shell vulnerability Over-permissive ECS task role Weak RDS master password (Lexis1234) Single task role with access to all AWS Secrets Manager entries
References
Blog URL Source URL
FEBRUARY 2026
664
Breach
24 Feb 2026 • LexisNexis Legal & Professional: LexisNexis confirms data breach as hackers leak stolen files
LexisNexis Data Breach After Hackers Exploit Unpatched React App

**LexisNexis Confirms Data Breach After Hackers Exploit Unpatched React App** LexisNexis Legal & Professional, a global provider of legal, regulatory, and business analytics tools, has confirmed a data breach after hackers exploited an unpatched React frontend application to gain access to its AWS infrastructure. The incident, which occurred on **February 24**, was disclosed following a **2GB data leak** by the threat actor **FulcrumSec** across underground forums. The breach stemmed from the **React2Shell vulnerability**, allowing attackers to infiltrate LexisNexis’ cloud environment. While the company stated that the compromised data was **"legacy and deprecated"** dating mostly from before **2020** it included **customer names, user IDs, business contact details, IP addresses from surveys, and support tickets**. LexisNexis emphasized that **no sensitive personal or financial data** (such as Social Security numbers, credit card details, or active passwords) was exposed. However, FulcrumSec claimed to have exfiltrated **3.9 million database records**, including: - **21,042 customer accounts** - **5,582 attorney survey responses** - **45 employee password hashes** - **53 AWS Secrets Manager secrets in plaintext** - **400,000 cloud user profiles** (with names, emails, and job functions) - **118 .gov email accounts** linked to **U.S. government employees, federal judges, DOJ attorneys, and SEC staff** The hackers also accessed **536 Redshift tables** and **430+ VPC database tables**, along with a **complete mapping of LexisNexis’ VPC infrastructure**. FulcrumSec criticized the company’s security practices, noting that a single **ECS task role had excessive read access**, including to the **production Redshift master credential**. LexisNexis stated that the intrusion was **contained** and that no evidence suggested **product or service disruption**. The company has engaged **law enforcement and external cybersecurity experts** to investigate and has notified affected customers. This incident follows a **2023 breach** where hackers compromised a corporate account, exposing data on **364,000 customers**.

646
critical -18
LEX1772555037
Incident Details -
Type
Data Breach
Attack Vector
Exploitation of unpatched React2Shell vulnerability in frontend application
Vulnerability Exploited
React2Shell vulnerability
Impact
Data Compromised: 2GB of data leaked, including customer names, user IDs, business contact details, IP addresses, survey responses, support tickets, employee password hashes, AWS Secrets Manager secrets, cloud user profiles, and government email accounts Systems Affected: AWS infrastructure, ECS task roles, Redshift tables, VPC database tables Downtime: No evidence of product or service disruption Operational Impact: Contained intrusion, no service disruption reported Identity Theft Risk: Potential risk due to exposed personal and business contact details Payment Information Risk: No sensitive financial data exposed
Response
Third Party Assistance: External cybersecurity experts engaged Law Enforcement Notified: Yes Containment Measures: Intrusion contained Communication Strategy: Notified affected customers
Data Breach
Customer names User IDs Business contact details IP addresses Survey responses Support tickets Employee password hashes AWS Secrets Manager secrets Cloud user profiles Government email accounts Number Of Records Exposed: 3.9 million database records Sensitivity Of Data: Legacy and deprecated data (mostly pre-2020), no sensitive personal or financial data exposed Data Exfiltration: Yes, 2GB of data leaked Personally Identifiable Information: Names, business contact details, IP addresses, government email accounts
Investigation Status
Ongoing
Customer Advisories
Affected customers notified
Initial Access Broker
Entry Point: Unpatched React frontend application High Value Targets: AWS Secrets Manager secrets, Redshift tables, VPC infrastructure
Post Incident Analysis
Root Causes: Unpatched React2Shell vulnerability, excessive read access in ECS task role
References
Blog URL Source URL
JANUARY 2026
662
DECEMBER 2025
660
NOVEMBER 2025
657
OCTOBER 2025
655
SEPTEMBER 2025
652
AUGUST 2025
650
JULY 2025
647
JUNE 2025
644
MAY 2025
642
APRIL 2025
639
JANUARY 2025
706
Breach
01 Jan 2025 • LexisNexis: LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability
LexisNexis Breach Exposes Millions of Records Due to Unpatched React Vulnerability

**LexisNexis Breach Exposes Millions of Records Due to Unpatched React Vulnerability** A major data breach at LexisNexis provider of legal and data analytics services to governments and corporations in over 150 countries has exposed nearly 4 million records, including customer accounts, password hashes, and cloud infrastructure details. The attack, carried out by the hacker group FulcrumSec, exploited an unpatched **React2Shell vulnerability** in the company’s systems, despite a patch being available since 2025. Hackers gained access to **AWS containers** containing sensitive data, leveraging insecure cloud configurations to exfiltrate over **2GB of stolen information**, later dumped on dark web platforms. Exposed data included: - **3.9 million database records** - **21,042 customer accounts** - **5,582 attorney survey responses** - **45 employee password hashes** - **53 AWS Secrets Manager secrets in plaintext** - **Complete VPC infrastructure mapping** LexisNexis confirmed the breach but downplayed its impact, stating the compromised servers contained mostly **legacy data pre-2020**, such as customer names, business contact details, and support tickets. The company assured that **no Social Security numbers, financial data, or active passwords** were exposed. Affected customers have been notified, and law enforcement has been engaged, along with a third-party cybersecurity firm to investigate and mitigate the incident. The breach underscores a persistent cybersecurity weakness: **failure to apply critical patches**. Despite the vulnerability being public for months, LexisNexis continued running an outdated React application, allowing attackers to exploit a known flaw. The incident highlights how even security-conscious organizations can fall victim to basic oversights, with potential ripple effects across government and legal sectors.

628
critical -78
LEX1772815548
Incident Details -
Type
Data Breach
Attack Vector
Unpatched Vulnerability (React2Shell)
Vulnerability Exploited
React2Shell
Impact
Data Compromised: 3.9 million database records, 21,042 customer accounts, 5,582 attorney survey responses, 45 employee password hashes, 53 AWS Secrets Manager secrets, VPC infrastructure mapping Systems Affected: AWS containers, legacy servers Brand Reputation Impact: Potential ripple effects across government and legal sectors
Response
Third Party Assistance: Third-party cybersecurity firm engaged Law Enforcement Notified: Yes Communication Strategy: Affected customers notified
Data Breach
Customer accounts Password hashes Cloud infrastructure details Attorney survey responses AWS Secrets Manager secrets Number Of Records Exposed: 3.9 million Sensitivity Of Data: Legacy data (pre-2020), including customer names, business contact details, and support tickets. No Social Security numbers, financial data, or active passwords exposed. Data Exfiltration: 2GB of stolen information dumped on dark web platforms Personally Identifiable Information: Customer names, business contact details
Lessons Learned
Failure to apply critical patches and persistent cybersecurity weaknesses due to outdated software.
Recommendations
Apply critical patches promptly, enhance cloud security configurations, and conduct regular vulnerability assessments.
Investigation Status
Ongoing
Customer Advisories
Affected customers notified
Initial Access Broker
Entry Point: Unpatched React2Shell vulnerability High Value Targets: AWS containers, legacy servers Data Sold On Dark Web: Yes
Post Incident Analysis
Root Causes: Unpatched React2Shell vulnerability, insecure cloud configurations
References
Blog URL Source URL
DECEMBER 2024
760
Breach
01 Dec 2024 • LexisNexis Risk Solutions and LexisNexis: LexisNexis Investigates Breach, Customer Data Access
LexisNexis Data Breach Affecting Legacy Customer Data

**LexisNexis Confirms Data Breach Affecting Legacy Customer Data** LexisNexis, the legal and business intelligence provider, has confirmed a data breach involving legacy servers containing customer information. The incident, disclosed on Tuesday, exposed names, business contact details, user identities, product usage records, IP addresses from customer surveys, and support ticket data though no sensitive personally identifiable information (PII) such as Social Security numbers, financial details, or active passwords was accessed. The company stated that the breach was contained following an investigation, with no evidence of compromise to its active products or services. LexisNexis engaged an unnamed cybersecurity forensic firm and notified law enforcement, as well as affected current and former customers. The compromised servers held deprecated data from before 2020. Threat actor **FulcrumSec** claimed responsibility, alleging access to LexisNexis’ Amazon Web Services (AWS) infrastructure via an unpatched **React2Shell** vulnerability in a frontend application. The group posted 2GB of files in underground forums, asserting that the breach impacted records from law firms, insurance companies, government agencies, and universities. FulcrumSec also claimed to have contacted LexisNexis about the incident but received no cooperation. This is not the first breach for LexisNexis. In December 2024, its **Risk Solutions** division suffered an incident affecting 364,000 individuals, discovered in 2025. FulcrumSec has also taken credit for a prior breach at electronics distributor **Avnet**, confirmed in October. The incident follows recent high-profile cyberattacks, including the exploitation of **Fortinet FortiGate firewalls**, a **July 2025 ransomware attack on Ingram Micro**, and critical vulnerabilities in **Ivanti’s mobile management tools**.

705
critical -55
LEX1772584112
Incident Details -
Type
Data Breach
Attack Vector
Unpatched React2Shell vulnerability in a frontend application
Vulnerability Exploited
React2Shell
Impact
Data Compromised: Names, business contact details, user identities, product usage records, IP addresses, support ticket data Systems Affected: Legacy servers (deprecated data from before 2020)
Response
Third Party Assistance: Unnamed cybersecurity forensic firm Law Enforcement Notified: Yes Containment Measures: Breach contained following investigation Communication Strategy: Notified affected current and former customers
Data Breach
Type Of Data Compromised: Legacy customer data Sensitivity Of Data: Non-sensitive PII (no Social Security numbers, financial details, or active passwords) Data Exfiltration: 2GB of files posted in underground forums Personally Identifiable Information: Names, business contact details, user identities, IP addresses
Investigation Status
Contained
Customer Advisories
Notified affected current and former customers
Initial Access Broker
Entry Point: AWS infrastructure via unpatched React2Shell vulnerability
Post Incident Analysis
Root Causes: Unpatched React2Shell vulnerability in a frontend application
References
Blog URL Source URL
JANUARY 2020
780
Breach
01 Jan 2020 • LexisNexis: LexisNexis confirms data breach, says hackers hit customer and business info
LexisNexis Data Breach: Hackers Claim Far Greater Access Than Company Admits

**LexisNexis Data Breach: Hackers Claim Far Greater Access Than Company Admits** Cybersecurity researchers have uncovered a data breach at LexisNexis, the U.S.-based analytics firm, with hackers alleging far more extensive access than the company has acknowledged. The threat actor group *FulcrumSec* leaked 2GB of stolen files on underground forums, claiming to have exploited an unpatched React frontend application using the open-source post-exploitation tool *React2Shell*. According to the hackers, the breach exposed hundreds of Redshift and VPC database tables, plaintext AWS Secrets Manager credentials, employee password hashes, and millions of records. Among the compromised data were details of over 100 government users, including federal judges, U.S. Department of Justice attorneys, and SEC staff, as well as approximately 400,000 cloud user profiles containing names, email addresses, phone numbers, and job functions. LexisNexis confirmed the incident but downplayed its severity, stating that the stolen data was "legacy" and "deprecated," dating back to before 2020. The company asserted that the breach did not involve Social Security numbers, financial details, active passwords, or sensitive legal or contractual information. A spokesperson noted that the exposed data included only outdated customer names, user IDs, business contact details, and support ticket records. FulcrumSec claimed it attempted to negotiate with LexisNexis likely for a ransom but the company declined to engage. LexisNexis has since stated that the attack has been contained. The discrepancy between the hackers' claims and the company’s response raises questions about the true scope of the breach and its potential impact on affected users.

710
critical -70
LEX1772641919
Incident Details -
Type
Data Breach
Attack Vector
Exploitation of unpatched React frontend application (React2Shell)
Vulnerability Exploited
Unpatched React frontend application
Motivation
Likely financial (ransom negotiation attempted)
Impact
Data Compromised: 2GB of stolen files, including database tables, AWS Secrets Manager credentials, employee password hashes, and millions of records Redshift databases VPC databases AWS Secrets Manager Brand Reputation Impact: Potential reputational damage due to discrepancy in breach scope Identity Theft Risk: High (exposure of names, email addresses, phone numbers, and job functions)
Response
Containment Measures: Attack contained (per company statement) Communication Strategy: Public statement downplaying severity
Data Breach
Database tables AWS Secrets Manager credentials Employee password hashes User profiles Number Of Records Exposed: Millions of records (including ~400,000 cloud user profiles) Sensitivity Of Data: High (government users, plaintext credentials, PII) Data Exfiltration: 2GB of files leaked on underground forums Names Email addresses Phone numbers Job functions
Investigation Status
['Contained (per company statement)']
Initial Access Broker
Entry Point: Unpatched React frontend application Government users Cloud user profiles
Post Incident Analysis
Root Causes: Unpatched vulnerability in React frontend application
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for LexisNexis is 512, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 664.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 662.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 660.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 657.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 655.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 652.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 650.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 647.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 644.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 642.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 639.

Over the past 12 months, the average per-incident point impact on LexisNexis’s A.I Rankiteo Cyber Score has been -48.0 points.

You can access LexisNexis’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/lexisnexis.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view LexisNexis’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/lexisnexis.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.