LexisNexis Legal & Professional Division Sustains Cloud Data Breach Following React2Shell Exploit by Fulcrumsec Crew

LexisNexis Legal & Professional hit by data breach after Fulcrumsec exploit. Read about the AWS server compromise and the impact on customer records.

By: AXL Media

Published: Mar 4, 2026, 11:14 AM EST

Source: The information in this article was sourced from The Register

Containment Efforts Following Infrastructure Compromise

LexisNexis has officially acknowledged a targeted cyberattack against its Legal & Professional division, coming days after the incident was publicized by a criminal entity. The company reported that the breach has been contained and emphasized that its core products and services remained uncompromised throughout the event. To address the fallout, the data analytics firm engaged an external digital forensics team to spearhead the cleanup and verify the extent of the intrusion. According to a spokesperson for LexisNexis, the unauthorized access was restricted to a specific group of servers, which largely housed deprecated information that predates 2020.

Nature of Exfiltrated Customer Information

The data retrieved during the incident consists primarily of professional contact details and administrative records rather than sensitive personal identifiers. LexisNexis clarified that the impacted files included customer names, business contact information, user IDs, and support tickets, as well as respondent IP addresses from historical surveys. Critically, the company stated that the breach did not involve Social Security numbers, financial data, driver’s license information, or active passwords. According to the firm, all affected current and former clients have been notified, as the company continues to implement remediation steps in coordination with cybersecurity experts.

Technical Exploitation of Cloud Architecture

While the company has characterized the data as legacy material, the threat actor known as Fulcrumsec provided a more aggressive description of the technical methods used. The group claimed they exfiltrated approximately 2 GB of data from a LexisNexis AWS instance by leveraging a "React2Shell" vulnerability within an unpatched React container. This exploit reportedly allowed the attackers to bypass standard security protocols to access the cloud environment. According to the criminals' public listing, the haul includes 17 VPC databases and over 50 secrets swiped from the AWS Secrets Manager, though these specific technical claims have not been independently verified by forensic investigators.