In a recent cybersecurity incident, a hacker known as FulcrumSec has claimed to have breached the LexisNexis Legal & Professional division of RELX Group. The attacker alleges the theft of 2.04 GB of structured data from the company’s Amazon Web Services (AWS) cloud setup.
Details of the Security Breach
FulcrumSec revealed in a post dated March 3, 2026, that they initially gained access on February 24. This access was reportedly achieved by exploiting the React2Shell vulnerability found in an unpatched React application, which the company had allegedly left unsecured for an extended period.
The attacker utilized a compromised ECS task container, LawfirmsStoreECSTaskRole, which was granted access to critical resources. These included the production Redshift data warehouse, 17 VPC databases, AWS Secrets Manager, and the Qualtrics survey platform.
Security Vulnerabilities Criticized
In their post, FulcrumSec criticized LexisNexis’s security measures, noting that the RDS master password was alarmingly simple: “Lexis1234”. Furthermore, a single task role was found to have read access to all secrets within the AWS account, including key production database credentials.
The breach allegedly exposed 536 Redshift tables, over 430 VPC database tables, and 53 plaintext secrets from AWS Secrets Manager. The total volume of records compromised is estimated at 3.9 million, with around 400,000 cloud user profiles potentially affected.
Implications and Response
Among the exposed user profiles, 118 accounts were linked to .gov email addresses of federal judges, law clerks, and attorneys from the U.S. Department of Justice and the SEC. The attacker also claims to have acquired a complete map of the VPC infrastructure and a full dump of AWS Secrets Manager.
FulcrumSec clarified that this incident is unrelated to the December 2024 GitHub breach, which involved unauthorized access to personal data via LexisNexis’s third-party platform. This recurring issue highlights ongoing security concerns within a major repository of legal data.
Follow our updates on Google News, LinkedIn, and X for more on cybersecurity developments. Reach out to feature your own stories.
