Major Data Breach at LexisNexis Exposes Sensitive Legal Information
On March 4, 2026, LexisNexis announced a substantial data breach that compromised its AWS cloud environment. Hackers exploited a vulnerability known as React2Shell, gaining access to over 2 GB of sensitive data, including details from 21,000 enterprise customer accounts and nearly 400,000 user profiles. The breach exposed information about U.S. federal judges and Department of Justice attorneys, underscoring the critical risks faced by the legal and governmental sectors. The threat actor, identified as FulcrumSec, leveraged significant security misconfigurations, specifically an overly permissive IAM role and a hardcoded weak database password. Following the breach, the stolen data was leaked on underground forums, raising serious concerns about supply chain security within these industries. Organizations must reassess their cloud security configurations and implement stricter access controls to prevent such incidents in the future.