LexisNexis Legal A.I CyberSecurity Scoring
LexisNexis Legal
Company Information
Website:http://www.lexisnexis.com/business-of-law
Employees number:445
Number of followers:13,007
NAICS:5112
Industry Type:Software Development
Homepage:lexisnexis.com
LexisNexis Legal Risk Score (AI oriented)
Between 650 and 699
LexisNexis LegalSoftware Development
Updated:
04/04/2026
04/04/2026
662/1000
Weak
B
LexisNexis Legal Global Score (TPRM)
xxxx
LexisNexis LegalSoftware Development
Score locked

LexisNexis LegalWeak
Current Score
662B (WEAK)
01000
1 incidents
-95 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
668
JUNE 2026
667
MAY 2026
665
APRIL 2026
664
MARCH 2026
755
Breach
03 Mar 2026 • LexisNexis Legal
RELX Group and LexisNexis Legal & Professional: LexisNexis Data Breach — Threat Actor Allegedly Claims 2.04 GB Stolen
FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data
660
CRITICAL-95
RELLEX1772562253
FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data
On March 3, 2026, the threat actor FulcrumSec publicly took responsibility for a breach of LexisNexis Legal & Professional, a division of RELX Group, alleging the theft of 2.04 GB of structured data from the company’s AWS cloud infrastructure. The attack, which began on February 24, exploited the React2Shell vulnerability in an unpatched React frontend application a flaw reportedly left unaddressed for months.
FulcrumSec gained access via the compromised LawfirmsStoreECSTaskRole ECS task container, which had broad permissions, including read access to:
- Production Redshift data warehouse
- 17 VPC databases
- AWS Secrets Manager
- Qualtrics survey platform
The actor criticized LexisNexis’s security practices, highlighting that the RDS master password was set to "Lexis1234" and that a single task role had access to all AWS Secrets Manager entries, including production database credentials.
Exposed Data Includes:
- 3.9 million database records
- 400,000 cloud user profiles (names, emails, phone numbers, job functions)
- 21,042 enterprise customer accounts
- 45 employee password hashes
- 118 .gov email accounts (federal judges, DOJ attorneys, U.S. SEC staff, and court law clerks)
- 53 plaintext AWS Secrets Manager secrets
- Complete VPC infrastructure map
FulcrumSec clarified that this breach is unrelated to the December 2024 GitHub incident, where attackers stole Social Security numbers of 364,000 individuals via a third-party development platform. The repeated compromises raise concerns about systemic security gaps in one of the world’s largest legal data repositories.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
755
JANUARY 2026
755
DECEMBER 2025
755
NOVEMBER 2025
755
OCTOBER 2025
755
SEPTEMBER 2025
755
AUGUST 2025
755
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for LexisNexis Legal ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in June 2026 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in May 2026 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in April 2026 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in March 2026 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in February 2026 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in January 2026 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in December 2025 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in November 2025 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in October 2025 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in September 2025 ??
What was LexisNexis Legal's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on LexisNexis Legal's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with LexisNexis Legal ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view LexisNexis Legal's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?