LexisNexis Risk Solutions has disclosed that a data breach at one of its third-party software development providers has compromised the personal information of more than 364,000 people.

The breach, which occurred in late 2024, was revealed in a filing with the Maine attorney general’s office. In notification letters to affected individuals, LexisNexis stated that an unauthorized party may have accessed names, contact details, Social Security numbers, driver’s license information, and dates of birth. However, no financial or payment card data was involved, and there is currently no evidence of misuse.

In response, LexisNexis has brought in independent cybersecurity specialists to investigate the incident and informed law enforcement authorities. As a precaution, the company is offering two years of complimentary identity protection and credit monitoring services to impacted individuals. The incident underscores the ongoing risks tied to third-party data vendors, especially those integrated into critical software development processes.