LexisNexis Data Breach — Threat Actor Allegedly Claims 2.04 GB Stolen - CyberSecurityNews

HomeCyber Security News LexisNexis Data Breach — Threat Actor Allegedly Claims 2.04 GB Stolen By Guru Baran March 3, 2026 A threat actor operating under the alias FulcrumSec has publicly claimed responsibility for a fresh breach of LexisNexis Legal & Professional, the legal information division of RELX Group, alleging the exfiltration of 2.04 GB of structured data from the company’s AWS cloud infrastructure. According to FulcrumSec’s post published on March 3, 2026, initial access was gained on February 24 by exploiting the React2Shell vulnerability in an unpatched React frontend application, a flaw the company had reportedly left unaddressed for months. The threat actor leveraged the compromised LawfirmsStoreECSTaskRole ECS task container, which had been granted read access to the production Redshift data warehouse, 17 VPC databases, AWS Secrets Manager, and the Qualtrics survey platform. Alleged Leak Claim Notably, the actor criticized the company’s security posture, pointing out that the RDS master password was set to “Lexis1234”, and that a single task role held read access to every secret in the AWS account, including production database master credentials. Data Asset Alleged Volume Redshift Tables 536 VPC Database Tables 430+ AWS Secrets Manager Secrets (Plaintext) 53 Total Database Records 3.9 Million Cloud User Profiles ~400,000 Enterprise Customer Accounts 21,042 Employee Password Hashes 45 .gov Email Users Exposed 118 FulcrumSec alleges that among the 400,000 cloud user profiles containing real names, emails, phone numbers, and job functions, 118 accounts held .gov email addresses belonging to federal judges, federal court law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff. The actor also claims to have obtained a complete VPC infrastructure map and the full AWS Secrets Manager dump with 53 plaintext secrets. FulcrumSec explicitly noted this is not related to the December 2024 GitHub breach, in which an unauthorized party stole personal data, including Social Security numbers of over 364,000 individuals, via LexisNexis’s third-party software development platform. The recurrence raises significant concerns about systemic security gaps within one of the world’s most sensitive legal data repositories. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news data breach Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Checkmarx Confirms GitHub Repository Data Published on Dark Web Ransomware Victims Jump to 7,831 as AI Crime Tools Scale Global Attacks Threat Actors Use AI to Automate 0-Day Discovery and Exploitation at Machine Speed Attackers Abuse Google AppSheet, Netlify, and Telegram in Facebook Phishing Campaign New Spyware Platform Lets Buyers Rebrand and Resell Android Surveillance Malware Latest News Cyber Security News FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root Cyber Security News Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks Cyber Security Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware Cyber Security Trellix Source Code Breach – Hackers Gain Unauthorized Access to Repository Cyber Attack News Hackers Breach Government and Military Servers by Exploiting cPanel Vulnerability