LexisNexis AWS Data Breach 2026: React2Shell Exploit Exposes Legacy Data in Cloud Hack

On March 3, 2026, LexisNexis Legal & Professional confirmed a data breach after hackers exploited the React2Shell vulnerability in an unpatched React application, gaining access to their AWS infrastructure and exfiltrating legacy data. The compromised information, dating from before 2020, included customer names and contact details, but LexisNexis states no sensitive PII or financial data was affected.