// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / LexisNexis Legal & Professional
Breach Record

LexisNexis Legal & Professional

DISCLOSED 2026-03-18 · UNPATCHED CVE

LexisNexis Legal & Professional confirmed a data breach after threat actor FulcrumSec exploited an unpatched critical vulnerability in its AWS infrastructure. The attacker exfiltrated 2.04 gigabytes of structured data, including user records. No further details on the number of records or specific data types were provided.

The record

What we know

Disclosed
2026-03-18
Attack vector
Unpatched Cve
Sector
Legal & Professional Services
Data classes exposed
user records
Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the LexisNexis Legal & Professional disclosure. It updates if new public reporting emerges. All tracked breaches →

LexisNexis Legal & Professional just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →