LexisNexis Risk Solutions is a data broker that collects and uses consumer personal data to help paid business customers detect possible risks and fraud, and discloses data breaches that affect more than 364,000 people.
In a filing with the Maine Attorney General, the company said that a violation dated back to December 25, 2024, allowed hackers to retrieve confidential consumer personal data from third-party platforms used for software development. LexisNexis did not name the platform.
The stolen data can vary, but includes name, date of birth, phone number, postal and email address, social security number, and driver license number.
It is not immediately clear what circumstances led to the violation. A LexisNexis spokesman did not reply to TechCrunch's request for comment.
Data brokers like LexisNexis are part of a billion dollar industry for companies that benefit from collecting and selling access to large quantities of American personal and financial data. LexisNexis uses a large amount of consumer information to help businesses detect potentially fraudulent transactions and perform risk assessments and due diligence on their customers.
Last year, the New York Times reported that carmakers are one of several companies that use LexisNexis to share data on vehicle driving habits without the express permission of car owners. The data was then sold to an insurance company, who used mileage and driving data to determine driver premiums.
Law enforcement also uses LexisNexis to obtain personal information about suspects, such as names, home addresses and call records.
Earlier this month, the Trump administration abolished plans to restrict data brokers from selling personal and financial information for Americans, including social security numbers. The official White House Russell Vought wrote in the federal register that Biden-era rules required them to follow the same federal privacy rules as the Credit Bureau and tenant screening companies, despite years of privacy advocates closing Lupaul.