London, March 5, 2026, 08:14 GMT
LexisNexis Legal & Professional, owned by RELX, says it locked down a security breach after discovering that an unauthorized actor accessed a small set of its servers, a media report said. The Record from Recorded Future
The breach hits a company marketing paid research and analytics to lawyers, corporates, and public agencies. That product rests on trust — not just in the data, but its handling, too.
This lands as information publishers ramp up efforts to weave AI into legal workflows—raising fresh questions over data access and control. Wolters Kluwer and Thomson Reuters, among others, already pitch comparable products to compliance-focused customers.
LexisNexis told CRN the breach hit “legacy” systems—older servers with mainly outdated pre-2020 data. The company listed customer names, user identities, business contact info, and support materials among the exposed data. Social Security numbers, driver’s licenses, payment information, and active passwords were not included, LexisNexis said, adding it found “no evidence of compromise of or impact to our products and services.” CRN
It all started when a group using the name FulcrumSec posted stolen files online, alleging they’d grabbed roughly 2GB of data and exposed 400,000 personal records, SecurityWeek reported. SecurityWeek
FulcrumSec, according to The Register, said it possessed customer account details along with contract information that maps organizations to specific products and pricing tiers—potentially sensitive for businesses and government clients. The Register noted it had not independently verified any figures or leaked content. The Register
LawNext, referencing additional reports, noted that the group says it gained access through a vulnerability called “React2Shell” inside a React-based web app — React being widely used for website development — before traversing Amazon Web Services, the cloud provider relied on by numerous firms. LexisNexis hasn’t verified how the attackers got in. LawSites
RELX, listed in London, said Wednesday it bought back 500,000 shares at an average price near 2,580 pence per share, and will hold these in treasury—meaning the repurchased stock isn’t canceled, just retained by the company. Since Jan. 2, the company reports snapping up 21.7 million shares. Investegate
RELX posted adjusted operating profit of 3.34 billion pounds on 9.59 billion pounds in revenue for 2025 back in February, according to Reuters. The company also bumped up its full-year dividend to 67.5 pence per share. Reuters
The hacking group’s assertions about credentials and contract data could escalate the situation if verified, despite the company’s statement that only legacy systems were hit. A more extensive leak might push customers to audit, intensify contract scrutiny, spark legal headaches, and drive up costs for remediation and security upgrades.
