FulcrumSec Claims Breach of LexisNexis, Exposing 2GB of Sensitive Legal Data On March 3, 2026, the threat actor FulcrumSec publicly took responsibility for a breach of LexisNexis Legal & Professional, a division of RELX Group, alleging the theft of 2.04 GB of structured data from the company’s AWS cloud infrastructure. The attack, which began on February 24, exploited the React2Shell vulnerability in an unpatched React frontend application a flaw reportedly left unaddressed for months. FulcrumSec gained access via the compromised LawfirmsStoreECSTaskRole ECS task container, which had broad permissions, including read access to: - Production Redshift data warehouse - 17 VPC databases - AWS Secrets Manager - Qualtrics survey platform The actor criticized LexisNexis’s security practices, highlighting that the RDS master password was set to "Lexis1234" and that a single task role had access to all AWS Secrets Manager entries, including production database credentials. Exposed Data Includes: - 3.9 million database records - 400,000 cloud user profiles (names, emails, phone numbers, job functions) - 21,042 enterprise customer accounts - 45 employee password hashes - 118 .gov email accounts (federal judges, DOJ attorneys, U.S. SEC staff, and court law clerks) - 53 plaintext AWS Secrets Manager secrets - Complete VPC infrastructure map FulcrumSec clarified that this breach is unrelated to the December 2024 GitHub incident, where attackers stole Social Security numbers of 364,000 individuals via a third-party development platform. The repeated compromises raise concerns about systemic security gaps in one of the world’s largest legal data repositories.