LexisNexis A.I CyberSecurity Scoring
LexisNexis
Company Information
Website:https://www.lexisnexis.com/en-us/about-us/about-us.page
Employees number:10,705
Number of followers:391,074
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:lexisnexis.com
LexisNexis Risk Score (AI oriented)
Between 0 and 549
LexisNexisIT Services and IT Consulting
Updated:
23/06/2026
23/06/2026
443/1000
Critical
C
LexisNexis Global Score (TPRM)
xxxx
LexisNexisIT Services and IT Consulting
Score locked

LexisNexisCritical
Current Score
443C (CRITICAL)
01000
7 incidents
-61 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
445
JUNE 2026
476
Cyber Attack
23 Jun 2026 • LexisNexis
Stryker, Fortinet, Ivanti, Salesforce, Cisco, Carnival Corporation, Telus Digital, LexisNexis, OpenAI and Charter Communications: 10 Major Cyberattacks And Data Breaches In 2026 (So Far)
2026 Mid-Year Cybersecurity Roundup: AI-Powered Attacks and High-Profile Breaches Dominate
444
CRITICAL-32
FORCISTELLEXSALCHAIVACAROPESTR1782226177
2026 Mid-Year Cybersecurity Roundup: AI-Powered Attacks and High-Profile Breaches Dominate
The first half of 2026 has seen a sharp rise in cyberattacks, many leveraging AI-driven techniques to accelerate exploitation and evade defenses. From zero-day vulnerabilities to data-wiping campaigns, threat actors have targeted critical infrastructure, healthcare, education, and enterprise systems often with devastating consequences. Below are 10 major incidents that defined the cybersecurity landscape in early 2026.
### Critical Infrastructure Under Fire
- Cisco SD-WAN Zero-Day Attacks (February): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive after attackers exploited a critical authentication bypass flaw in Cisco’s Catalyst SD-WAN systems, allowing unauthenticated remote access with administrative privileges. Cisco’s Talos team confirmed the campaign had been active since at least 2023.
- Ivanti EPMM Exploits (April): CISA mandated federal agencies to patch a critical code injection vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) within four days, as attackers exploited the flaw for unauthenticated remote code execution. Ivanti reported limited customer impact but warned of active exploitation.
- Fortinet FortiClient EMS Vulnerability (April): Fortinet released an emergency patch for a critical privilege escalation flaw (CVE-2026-35616) in its FortiClient EMS platform, rated 9.1/10 in severity. The company confirmed in-the-wild exploitation, urging immediate updates.
### Healthcare and Data Extortion Surge
- Stryker Data-Wiping Attack (March): Medical technology giant Stryker suffered a destructive attack by the Iran-linked Handala group, which compromised a Windows domain administrator account to wipe devices and steal data. CISA later warned organizations to harden endpoint management systems. Stryker restored operations within three weeks.
- ShinyHunters’ Rampage: The data-extortion group dominated early 2026, accounting for 14 of 37 "mega-breaches" (January–May), per Hackmageddon. Key incidents included:
- Canvas LMS Breach (May): Instructure confirmed a compromise of its Free-For-Teacher program, exposing names, emails, student IDs, and private messages for 275 million users across schools and universities. Some colleges faced disruptions during finals season.
- Salesforce, Charter, Carnival, and More: ShinyHunters exploited misconfigured Salesforce Experience Cloud sites, gaining excessive guest access, and breached Charter Communications, Carnival Corporation, Telus Digital, and the Council of Europe.
### Legacy Systems and Supply Chain Risks
- LexisNexis Breach (March): Hackers accessed legacy servers containing pre-2020 customer data, including names, contact details, IP addresses, and support tickets. Threat actor FulcrumSec claimed access via an unpatched React frontend vulnerability (React2Shell) in LexisNexis’ AWS infrastructure.
- Dashlane 2FA Brute-Force Attack (June): Password manager Dashlane disclosed a brute-force attack targeting six-digit 2FA codes, allowing attackers to register new devices on user accounts. Fewer than 20 customers had encrypted vaults downloaded, though Dashlane’s systems remained uncompromised.
- OpenAI & Anthropic Supply Chain Incidents:
- Anthropic (April): Unauthorized access to its unreleased vulnerability tool, Claude Mythos Preview, occurred via a third-party vendor, not a direct breach.
- OpenAI (May): Two employee devices were compromised in the TanStack "Mini Shai-Hulud" supply-chain attack, though customer data and production systems remained unaffected.
### AI and the Acceleration of Threats
Cybersecurity leaders warned that AI-driven attacks are shrinking response windows from days to seconds, overwhelming traditional patching strategies. Microsoft’s June "Patch Tuesday" set a record with 208 vulnerabilities, underscoring the growing challenge of vulnerability management. Experts emphasized the need for automated, AI-powered defenses to counter machine-speed threats a shift already underway as attackers weaponize generative AI for reconnaissance, phishing, and exploit development.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
469
APRIL 2026
464
MARCH 2026
532
Breach
03 Mar 2026 • LexisNexis
RELX Group and LexisNexis Legal & Professional: LexisNexis Data Breach — Threat Actor Allegedly Claims 2.04 GB Stolen
FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data
454
CRITICAL-78
RELLEX1772562253
FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data
On March 3, 2026, the threat actor FulcrumSec publicly took responsibility for a breach of LexisNexis Legal & Professional, a division of RELX Group, alleging the theft of 2.04 GB of structured data from the company’s AWS cloud infrastructure. The attack, which began on February 24, exploited the React2Shell vulnerability in an unpatched React frontend application a flaw reportedly left unaddressed for months.
FulcrumSec gained access via the compromised LawfirmsStoreECSTaskRole ECS task container, which had broad permissions, including read access to:
- Production Redshift data warehouse
- 17 VPC databases
- AWS Secrets Manager
- Qualtrics survey platform
The actor criticized LexisNexis’s security practices, highlighting that the RDS master password was set to "Lexis1234" and that a single task role had access to all AWS Secrets Manager entries, including production database credentials.
Exposed Data Includes:
- 3.9 million database records
- 400,000 cloud user profiles (names, emails, phone numbers, job functions)
- 21,042 enterprise customer accounts
- 45 employee password hashes
- 118 .gov email accounts (federal judges, DOJ attorneys, U.S. SEC staff, and court law clerks)
- 53 plaintext AWS Secrets Manager secrets
- Complete VPC infrastructure map
FulcrumSec clarified that this breach is unrelated to the December 2024 GitHub incident, where attackers stole Social Security numbers of 364,000 individuals via a third-party development platform. The repeated compromises raise concerns about systemic security gaps in one of the world’s largest legal data repositories.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
610
Breach
24 Feb 2026 • LexisNexis
LexisNexis Legal & Professional: LexisNexis confirms data breach as hackers leak stolen files
LexisNexis Data Breach After Hackers Exploit Unpatched React App
532
CRITICAL-78
LEX1772555037
LexisNexis Confirms Data Breach After Hackers Exploit Unpatched React App
LexisNexis Legal & Professional, a global provider of legal, regulatory, and business analytics tools, has confirmed a data breach after hackers exploited an unpatched React frontend application to gain access to its AWS infrastructure. The incident, which occurred on February 24, was disclosed following a 2GB data leak by the threat actor FulcrumSec across underground forums.
The breach stemmed from the React2Shell vulnerability, allowing attackers to infiltrate LexisNexis’ cloud environment. While the company stated that the compromised data was "legacy and deprecated" dating mostly from before 2020 it included customer names, user IDs, business contact details, IP addresses from surveys, and support tickets. LexisNexis emphasized that no sensitive personal or financial data (such as Social Security numbers, credit card details, or active passwords) was exposed.
However, FulcrumSec claimed to have exfiltrated 3.9 million database records, including:
- 21,042 customer accounts
- 5,582 attorney survey responses
- 45 employee password hashes
- 53 AWS Secrets Manager secrets in plaintext
- 400,000 cloud user profiles (with names, emails, and job functions)
- 118 .gov email accounts linked to U.S. government employees, federal judges, DOJ attorneys, and SEC staff
The hackers also accessed 536 Redshift tables and 430+ VPC database tables, along with a complete mapping of LexisNexis’ VPC infrastructure. FulcrumSec criticized the company’s security practices, noting that a single ECS task role had excessive read access, including to the production Redshift master credential.
LexisNexis stated that the intrusion was contained and that no evidence suggested product or service disruption. The company has engaged law enforcement and external cybersecurity experts to investigate and has notified affected customers. This incident follows a 2023 breach where hackers compromised a corporate account, exposing data on 364,000 customers.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
660
Breach
01 Jan 2026 • LexisNexis
LexisNexis: Healthcare AuthorityDeals & Corporate GovernanceDigital Health & TechnologyOtherPolicy & Compliance
Law Firm Data Breach Report Highlights Rising Cybersecurity Threats in Legal Sector
604
CRITICAL-56
LEX1782211793
Law Firm Data Breach Report Highlights Rising Cybersecurity Threats in Legal Sector
A recent Law Firm Data Breach Report underscores the growing cybersecurity risks facing law firms, revealing a surge in targeted attacks against legal organizations. The report, compiled by LexisNexis’s Law360 Pulse and Mealey’s, details how threat actors are increasingly exploiting vulnerabilities in law firm networks to access sensitive client data, intellectual property, and confidential case information.
Key findings include a rise in ransomware attacks, phishing schemes, and third-party breaches, with mid-sized and large firms identified as prime targets due to their handling of high-value corporate and litigation data. The report notes that many firms lack robust incident response protocols, leaving them vulnerable to prolonged disruptions and regulatory scrutiny.
While the exact timeline of incidents remains undisclosed, the report emphasizes that breaches have occurred across multiple U.S. jurisdictions, with notable cases involving unauthorized access to email systems, document repositories, and client databases. The financial and reputational fallout has prompted some firms to reassess their cybersecurity frameworks, though gaps in employee training and endpoint protection persist.
The findings serve as a stark reminder of the legal sector’s appeal to cybercriminals, driven by the combination of lucrative data and often inadequate defenses. As regulatory pressures mount including stricter state and federal breach notification laws the report signals an urgent need for firms to prioritize cybersecurity measures to mitigate risks.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
660
NOVEMBER 2025
657
OCTOBER 2025
655
SEPTEMBER 2025
652
AUGUST 2025
650
JANUARY 2025
706
Breach
01 Jan 2025 • LexisNexis
LexisNexis: LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability
LexisNexis Breach Exposes Millions of Records Due to Unpatched React Vulnerability
628
CRITICAL-78
LEX1772815548
LexisNexis Breach Exposes Millions of Records Due to Unpatched React Vulnerability
A major data breach at LexisNexis provider of legal and data analytics services to governments and corporations in over 150 countries has exposed nearly 4 million records, including customer accounts, password hashes, and cloud infrastructure details. The attack, carried out by the hacker group FulcrumSec, exploited an unpatched React2Shell vulnerability in the company’s systems, despite a patch being available since 2025.
Hackers gained access to AWS containers containing sensitive data, leveraging insecure cloud configurations to exfiltrate over 2GB of stolen information, later dumped on dark web platforms. Exposed data included:
- 3.9 million database records
- 21,042 customer accounts
- 5,582 attorney survey responses
- 45 employee password hashes
- 53 AWS Secrets Manager secrets in plaintext
- Complete VPC infrastructure mapping
LexisNexis confirmed the breach but downplayed its impact, stating the compromised servers contained mostly legacy data pre-2020, such as customer names, business contact details, and support tickets. The company assured that no Social Security numbers, financial data, or active passwords were exposed. Affected customers have been notified, and law enforcement has been engaged, along with a third-party cybersecurity firm to investigate and mitigate the incident.
The breach underscores a persistent cybersecurity weakness: failure to apply critical patches. Despite the vulnerability being public for months, LexisNexis continued running an outdated React application, allowing attackers to exploit a known flaw. The incident highlights how even security-conscious organizations can fall victim to basic oversights, with potential ripple effects across government and legal sectors.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2024
760
Breach
01 Dec 2024 • LexisNexis
LexisNexis Risk Solutions and LexisNexis: LexisNexis Investigates Breach, Customer Data Access
LexisNexis Data Breach Affecting Legacy Customer Data
705
CRITICAL-55
LEX1772584112
LexisNexis Confirms Data Breach Affecting Legacy Customer Data
LexisNexis, the legal and business intelligence provider, has confirmed a data breach involving legacy servers containing customer information. The incident, disclosed on Tuesday, exposed names, business contact details, user identities, product usage records, IP addresses from customer surveys, and support ticket data though no sensitive personally identifiable information (PII) such as Social Security numbers, financial details, or active passwords was accessed.
The company stated that the breach was contained following an investigation, with no evidence of compromise to its active products or services. LexisNexis engaged an unnamed cybersecurity forensic firm and notified law enforcement, as well as affected current and former customers. The compromised servers held deprecated data from before 2020.
Threat actor FulcrumSec claimed responsibility, alleging access to LexisNexis’ Amazon Web Services (AWS) infrastructure via an unpatched React2Shell vulnerability in a frontend application. The group posted 2GB of files in underground forums, asserting that the breach impacted records from law firms, insurance companies, government agencies, and universities. FulcrumSec also claimed to have contacted LexisNexis about the incident but received no cooperation.
This is not the first breach for LexisNexis. In December 2024, its Risk Solutions division suffered an incident affecting 364,000 individuals, discovered in 2025. FulcrumSec has also taken credit for a prior breach at electronics distributor Avnet, confirmed in October.
The incident follows recent high-profile cyberattacks, including the exploitation of Fortinet FortiGate firewalls, a July 2025 ransomware attack on Ingram Micro, and critical vulnerabilities in Ivanti’s mobile management tools.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2020
780
Breach
01 Jan 2020 • LexisNexis
LexisNexis: LexisNexis confirms data breach, says hackers hit customer and business info
LexisNexis Data Breach: Hackers Claim Far Greater Access Than Company Admits
710
CRITICAL-70
LEX1772641919
LexisNexis Data Breach: Hackers Claim Far Greater Access Than Company Admits
Cybersecurity researchers have uncovered a data breach at LexisNexis, the U.S.-based analytics firm, with hackers alleging far more extensive access than the company has acknowledged. The threat actor group FulcrumSec leaked 2GB of stolen files on underground forums, claiming to have exploited an unpatched React frontend application using the open-source post-exploitation tool React2Shell.
According to the hackers, the breach exposed hundreds of Redshift and VPC database tables, plaintext AWS Secrets Manager credentials, employee password hashes, and millions of records. Among the compromised data were details of over 100 government users, including federal judges, U.S. Department of Justice attorneys, and SEC staff, as well as approximately 400,000 cloud user profiles containing names, email addresses, phone numbers, and job functions.
LexisNexis confirmed the incident but downplayed its severity, stating that the stolen data was "legacy" and "deprecated," dating back to before 2020. The company asserted that the breach did not involve Social Security numbers, financial details, active passwords, or sensitive legal or contractual information. A spokesperson noted that the exposed data included only outdated customer names, user IDs, business contact details, and support ticket records.
FulcrumSec claimed it attempted to negotiate with LexisNexis likely for a ransom but the company declined to engage. LexisNexis has since stated that the attack has been contained. The discrepancy between the hackers' claims and the company’s response raises questions about the true scope of the breach and its potential impact on affected users.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for LexisNexis ??
What was LexisNexis's A.I Rankiteo Cyber Score in June 2026 ??
What was LexisNexis's A.I Rankiteo Cyber Score in May 2026 ??
What was LexisNexis's A.I Rankiteo Cyber Score in April 2026 ??
What was LexisNexis's A.I Rankiteo Cyber Score in March 2026 ??
What was LexisNexis's A.I Rankiteo Cyber Score in February 2026 ??
What was LexisNexis's A.I Rankiteo Cyber Score in January 2026 ??
What was LexisNexis's A.I Rankiteo Cyber Score in December 2025 ??
What was LexisNexis's A.I Rankiteo Cyber Score in November 2025 ??
What was LexisNexis's A.I Rankiteo Cyber Score in October 2025 ??
What was LexisNexis's A.I Rankiteo Cyber Score in September 2025 ??
What was LexisNexis's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on LexisNexis's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with LexisNexis ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view LexisNexis's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?