LexisNexis Legal & Professional confirms network breach after hackers leak 2GB of data

LexisNexis Legal & Professional, a U.S.-based provider of legal research, regulatory information and analytics services, confirmed that hackers breached several of its servers and accessed customer and business data following a cyber intrusion discovered in February.

The incident surfaced after a threat actor using the name FulcrumSec released approximately 2 gigabytes of files on underground forums and data-sharing sites. The exposed data allegedly originated from the company’s cloud infrastructure.

LexisNexis Legal & Professional stated that an internal investigation confirmed unauthorized access to a limited number of servers. The company said the compromised systems primarily contained legacy and deprecated information dating from before 2020.

The exposed data included customer names, user IDs, business contact details, product usage information, support tickets and customer survey responses that contained respondent IP addresses. The company emphasized that the affected systems did not contain Social Security numbers, driver’s license numbers, financial information, active passwords, customer search queries, contracts or client matter information.

LexisNexis stated that the breach did not affect its products or services and that the intrusion has been contained. The company also reported the incident to law enforcement authorities and brought in an external cybersecurity specialist to assist with investigation and containment measures.

FulcrumSec claimed the intrusion occurred on Feb. 24 after exploiting the React2Shell vulnerability in an unpatched React-based frontend application connected to the company’s Amazon Web Services environment. The attackers said the vulnerable container provided access to multiple internal resources.

The threat actor stated that the breach allowed access to large volumes of internal data, including hundreds of database tables and millions of records stored within the company’s cloud infrastructure. FulcrumSec asserted that the attackers extracted more than two gigabytes of structured data and accessed cloud configuration information, employee password hashes and infrastructure details.

The hackers also claimed access to approximately 400,000 cloud user profiles containing names, email addresses, phone numbers and job functions. Among those records, the attackers said they identified 118 users with .gov email addresses belonging to U.S. government personnel, including federal judges, law clerks and attorneys working for the U.S. Department of Justice and the Securities and Exchange Commission.

FulcrumSec stated that the group contacted LexisNexis about the breach but did not reach an agreement with the company regarding the handling of the data.

LexisNexis Legal & Professional operates globally and provides legal, regulatory and business intelligence tools used by law firms, corporations, government agencies and academic institutions in more than 150 countries.