LexisNexis - which this article generously describes as a "data analytics company" - suffered a data breach due to an unpatched Reach2Shell vulnerability (which was rated at the maximum severity of 10 when it was discovered and highly publicized in November 2025, patches began to release in early December). The company claims old, non-sensitive data was stolen, such as customer names, user IDs (unclear if they mean identifications or more like usernames), business contact information, products used, customer surveys with respondent IP addresses, and support tickets. They insist no PII like Social Security numbers, driver's license number, financial information, or other data was leaked.
This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/03/09/data-breach-roundup-feb-20-feb-26-2026-2