LexisNexis Legal and Professional recently confirmed a data breach after a threat actor known as FulcrumSec leaked approximately 2GB of stolen files onto underground forums. The company reported that while unauthorized access to its AWS infrastructure occurred, the compromised data was largely legacy information from before 2020.
LexisNexis, a major global provider of legal and regulatory analytics, acknowledged that a limited number of its servers were accessed by an unauthorized party. The company clarified that the breach primarily affected deprecated data such as customer names, business contact details, and support tickets rather than modern sensitive records. Crucially, the firm stated that no Social Security numbers, financial information, or active passwords were included in the exfiltrated files, and that its core products and services remain unaffected.
The intrusion was reportedly made possible by a vulnerability in the company's cloud environment. The threat actor claimed to have gained entry on February 24 by exploiting a flaw referred to as React2Shell within an unpatched React frontend application. This exploit allowed the attacker to move within the AWS infrastructure and exfiltrate structured data. LexisNexis has since stated that the intrusion has been contained and that it has found no evidence of ongoing risk to its current systems.
Despite the company's characterization of the data as non-critical, the threat actor highlighted the specific profiles of those affected. FulcrumSec claimed the stolen information includes data related to over 100 users with government email addresses. This list reportedly features high-profile individuals such as federal judges, Department of Justice attorneys, and staff from the U.S. Securities and Exchange Commission, raising concerns about the potential for targeted phishing or social engineering.
The 2.04GB leak serves as a reminder of the persistent risks associated with unpatched software in large-scale cloud environments. While LexisNexis maintains that the breach was limited in scope and involved dated records, the public nature of the leak on criminal forums has forced the company to address the security gap directly. The firm continues to investigate the full extent of the exposure to ensure all affected business contact information is accounted for.
This incident is another example of cybercriminals exploiting vulnerabilities in well-established corporate infrastructure. As LexisNexis works to reinforce its React containers and cloud security protocols, the focus remains on whether the leaked metadata could be leveraged for further attacks against the legal and government professionals identified in the data. The company concludes that the breach is an isolated incident involving a specific set of legacy servers.
Source: LexisNexis Data Breach Confirmed After Hackers Leak Stolen Files


