LexisNexis Legal and Professional Confirms AWS Server Breach Following Leaked Records of US Government Personnel
LexisNexis confirms a server breach via a React vulnerability as hackers leak 2GB of data, including info on US Department of Justice and SEC personnel.
By: AXL Media
Published: Mar 3, 2026, 10:59 AM EST
Source: The information in this article was sourced from BleepingComputer

Exploiting Infrastructure Through Frontend Vulnerabilities
The integrity of LexisNexis Legal and Professional’s cloud environment was compromised on February 24 through the exploitation of a specific security flaw identified as React2Shell. By targeting an unpatched React frontend application, the threat actor FulcrumSec successfully bypassed perimeter defenses to gain deep access to the company’s Amazon Web Services (AWS) infrastructure. This entry point allowed the unauthorized party to move laterally through the network, eventually reaching sensitive data repositories that served as the backbone for the company’s analytical services.
The Disparity Between Corporate and Hacker Disclosures
LexisNexis has attempted to downplay the severity of the incident, characterizing the accessed information as legacy data that is largely deprecated and predates 2020. According to a company spokesperson, the impacted servers primarily contained customer names, user IDs, and support tickets rather than active financial data or Social Security numbers. However, FulcrumSec's account contradicts this assessment: the hackers claim to have exfiltrated over 3.9 million database records and 53 plaintext secrets from AWS Secrets Manager, which would suggest a much broader exposure of live system credentials.
High-Profile Exposure of Federal Legal Personnel
One of the most concerning aspects of the leak is the alleged inclusion of data belonging to over 100 individuals with .gov email addresses. The stolen dataset reportedly contains the professional details of federal judges, law clerks, and attorneys within the U.S. Department of Justice and the Securities and Exchange Commission. While LexisNexis maintains that no sensitive personally identifiable information was taken, the exposure of contact lists and job functions for high-ranking legal officials provides a significant roadmap for potential targeted phishing or social engineering campaigns against the federal judiciary.