LexisNexis Risk Solutions Reveals GitHub Security Breach Exposing 364,000 Personal Records

Data analytics company LexisNexis Risk Solutions (LNRS) has disclosed that cybercriminals accessed personal information belonging to over 364,000 individuals through a compromised third-party development platform in late 2024.

The Atlanta-based firm discovered the security incident on April 1, 2025, nearly four months after the actual breach occurred on December 25, 2024. According to notification documents filed with Maine's Attorney General, an anonymous source alerted the company to the unauthorized access.

"Cybercriminals gained entry to certain LNRS information through a third-party software development platform. This incident did not impact LNRS's internal networks or infrastructure," the organization stated in its breach notification.

The compromised data encompasses sensitive personal identifiers including full names, birth dates, telephone numbers, email contacts, Social Security numbers, and driver's license information. However, the company emphasized that no payment card details or banking information were involved in the breach.

"We have found no indication that the stolen data has been exploited for malicious purposes," LNRS noted, adding that appropriate law enforcement agencies have been contacted regarding the incident.

The security breach specifically involved unauthorized access to the company's GitHub repository, where attackers obtained both software development materials and personal customer data. Despite the significant data exposure, LNRS maintains that its core operational systems remained secure throughout the incident.

LNRS has confirmed that 364,333 people were impacted by the data compromise and is offering affected individuals complimentary identity theft protection and credit monitoring services for a two-year period.

The company, which specializes in collecting and analyzing personal information from public records and various databases, serves clients across financial services, insurance, healthcare, and government sectors. These organizations rely on LNRS data to assess risks and detect fraudulent activities.

"Our internal systems, infrastructure, and product offerings were not compromised during this event. We are in the process of notifying roughly 360,000 affected individuals and have engaged with appropriate regulatory bodies and law enforcement," an LNRS spokesperson confirmed when contacted for additional details.