LexisNexis Legal & Professional data leak after AWS intrusion
Data Leak
Summary
Hide ▲
Show ▼
FulcrumSec leaked 2GB of files tied to LexisNexis Legal & Professional, exposing customer and business information that could be used for follow-on abuse. The company confirmed unauthorized access to limited servers and said the material was mostly legacy data from prior to 2020. The exposed records included customer names, user IDs, business contact information, support tickets, and about 400,000 cloud user profiles.
Related Happenings
FortiBleed Fortinet/FortiGate VPN credential leak
Data Leak
H score80
First: 17.06.2026 18:12
Last: 17.06.2026 18:12
Sources 1
About this happening:
**FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...
FortiBleed Fortinet/FortiGate VPN credential leak
Data LeakAbout this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...
Latest development: 19.06.2026 09:47
CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.
IRhythm patient data exfiltration from third-party business applications
Data Leak
H score34
First: 16.06.2026 09:31
Last: 16.06.2026 09:31
Sources 1
About this happening:
**iRhythm Holdings** disclosed a **data breach** involving **third-party-hosted business applications** after a threat actor used **social engineering** to access data and demande...
IRhythm patient data exfiltration from third-party business applications
Data LeakAbout this happening: **iRhythm Holdings** disclosed a **data breach** involving **third-party-hosted business applications** after a threat actor used **social engineering** to access data and demande...
CISA contractor GitHub repository exposed internal credentials
Data Leak
H score28
First: 18.05.2026 23:48
Last: 18.05.2026 23:48
Sources 1
About this happening:
A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
CISA contractor GitHub repository exposed internal credentials
Data LeakAbout this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
Latest development: 22.05.2026 19:34
On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.
CareCloud hit by network compromise
Incident
H score23
First: 31.03.2026 00:44
Last: 31.03.2026 00:44
Sources 1
About this happening:
**CareCloud** disclosed a **network intrusion** that disrupted **1 of 6 electronic health record environments** and raised the possibility that **patient data** was accessed. The...
CareCloud hit by network compromise
IncidentAbout this happening: **CareCloud** disclosed a **network intrusion** that disrupted **1 of 6 electronic health record environments** and raised the possibility that **patient data** was accessed. The...
AkzoNobel partial Anubis data leak
Data Leak
H score50
First: 04.03.2026 01:00
Last: 04.03.2026 01:00
Sources 1
About this happening:
**AkzoNobel** faces a **partial data leak** after **Anubis ransomware** claimed it stole **170GB of data** and **almost 170,000 files**. The leak site posted **sample screenshots*...
AkzoNobel partial Anubis data leak
Data LeakAbout this happening: **AkzoNobel** faces a **partial data leak** after **Anubis ransomware** claimed it stole **170GB of data** and **almost 170,000 files**. The leak site posted **sample screenshots*...
Timeline
-
03.03.2026 17:40 1 articles · 4mo ago
FulcrumSec exploits an unpatched React frontend app to reach LexisNexis Legal & Professional AWS infrastructure
Exploitation ObservedFulcrumSec gained access to LexisNexis Legal & Professional's AWS infrastructure by exploiting the React2Shell vulnerability in an unpatched React frontend app on February 24, 2026.
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
-
03.03.2026 17:40 2 articles · 4mo ago
LexisNexis Legal & Professional confirms unauthorized access and FulcrumSec leaks 2GB of files
Initial DisclosureOn March 3, 2026, LexisNexis Legal & Professional confirmed unauthorized access to limited servers and said the affected data was mostly legacy, deprecated information from prior to 2020, while FulcrumSec publicly leaked 2GB of files and claimed exfiltration of 2.04 GB of structured data, about 400,000 cloud user profiles, 21,042 customer accounts, and records tied to .gov users; the company said there was no evidence that products or services were impacted.
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40