LexisNexis

Overview

LexisNexis is one of the most powerful data aggregation companies in the world, operating at the intersection of legal research, risk analytics, and people-search databases. A division of RELX Group (formerly Reed Elsevier), a London-based multinational with annual revenues exceeding $9 billion, LexisNexis maintains databases containing records on virtually every American adult, an estimated 283 million individuals, with billions of data points spanning addresses, phone numbers, relatives, associates, property records, court filings, vehicle registrations, professional licenses, and more.

The company operates through two primary divisions. LexisNexis Legal & Professional provides legal research databases used by law firms, courts, and government agencies. LexisNexis Risk Solutions, the division of primary privacy concern, provides data analytics, identity verification, fraud detection, and investigative tools to law enforcement, government agencies, insurance companies, and financial institutions.

The Risk Solutions division's flagship product, Accurint, is one of the most widely used people-search and investigative databases in the United States. Accurint provides law enforcement and private-sector clients with the ability to instantly retrieve comprehensive profiles on any individual, including current and historical addresses, phone numbers, email addresses, relatives and associates, property ownership, vehicle registrations, bankruptcy filings, liens, judgments, and in some configurations, driver's license photographs.

LexisNexis Risk Solutions generated approximately $2.7 billion in revenue in 2023, making it one of the most profitable divisions of RELX. The growth trajectory has been consistently upward, driven by expanding law enforcement adoption, insurance industry data demand, and new data streams like connected vehicle telemetry. The division's profit margins exceed 30%, reflecting the high value that institutional clients place on comprehensive personal data access and the low marginal cost of serving additional queries against an existing database.

LexisNexis's significance to privacy extends beyond its data holdings to its active role in enabling immigration enforcement and mass surveillance. The company's contracts with U.S. Immigration and Customs Enforcement (ICE) have been documented as facilitating billions of searches against its databases, effectively providing ICE with a commercial surveillance infrastructure that operates outside traditional warrant requirements.

The corporate structure is important context: LexisNexis Risk Solutions is a division of RELX Group, an Anglo-Dutch multinational that also owns Elsevier (scientific publishing) and Reed Exhibitions (trade shows). RELX's market capitalization exceeds $80 billion, making it one of the world's most valuable information companies. The parent company's scale provides LexisNexis with deep financial resources and insulation from the reputational costs of its surveillance-enabling business, investors focus on RELX's diversified portfolio, not the civil liberties implications of its risk analytics division.

The history of LexisNexis Risk Solutions traces through a series of acquisitions of controversial data companies. In 2004, LexisNexis parent Reed Elsevier acquired Seisint Inc., a Florida company that had built a massive people-search database originally called the Multistate Anti-Terrorism Information Exchange (MATRIX). The MATRIX system, funded by the Department of Justice after September 11, was designed to aggregate commercial and government databases to identify potential terrorists. Civil liberties concerns led most participating states to withdraw, but the underlying data infrastructure survived as the foundation of what became Accurint.

In 2008, LexisNexis acquired ChoicePoint for approximately $3.6 billion, absorbing another of the largest commercial data aggregators in the country, one that had already faced a notorious data breach and FTC enforcement. These acquisitions consolidated an enormous volume of personal data under a single corporate umbrella.

The ChoicePoint acquisition was particularly significant because ChoicePoint had built its business explicitly on selling personal information to government agencies, insurance companies, and employers. Before its acquisition, ChoicePoint had contracts with 35 government agencies and maintained databases containing records on virtually every American adult. The merger combined ChoicePoint's government-focused data brokerage with LexisNexis's legal research and risk analytics capabilities, creating the most comprehensive investigative data platform in the United States.

Data Collection Practices

LexisNexis Risk Solutions operates one of the most comprehensive people-search databases in the world, built through systematic collection from hundreds of public, commercial, and proprietary sources:

Public records are collected at massive scale from government sources across all 50 states:

• Voter registration files from every available jurisdiction
• Property deeds, tax assessments, and mortgage records
• Court records including civil, criminal, bankruptcy, and family court
• Vehicle registrations and driver's license records
• Professional licenses and certifications
• Business filings and corporate registrations
• Death records, marriage records, and divorce decrees
• UCC filings and liens

Utility and telecommunications data provides address verification and residency confirmation through partnerships with utility companies, phone carriers, and cable providers. This data stream reveals where individuals live, when they move, and what services they use. When a person activates electrical service at a new address, that record flows into LexisNexis's database, often before the individual has updated their address with the postal service, making utility data one of the most timely indicators of residential relocation.

Phone records and communication metadata compiled from public directory listings, data partnerships, and commercial sources provide both landline and mobile phone numbers associated with individuals. While LexisNexis does not collect call content, the association of phone numbers with real identities enables reverse-phone lookup capabilities that effectively eliminate phone anonymity.

Driver behavior and vehicle data represents a concerning expansion of LexisNexis's collection. In 2022, the company acquired vehicle data from Wejo, a connected car data company, gaining access to detailed driving behavior data including routes driven, speeds traveled, braking patterns, and time spent at specific locations. This data is used in insurance risk assessment but also provides granular movement tracking of millions of drivers.

Insurance companies have increasingly used LexisNexis driving data to set premiums, creating a system where individuals may be unaware that their driving behavior is being monitored, scored, and shared with their insurer through a third-party data broker they have never heard of.

Financial and credit-related data includes records from banking institutions, payment processors, and alternative credit data providers. LexisNexis maintains comprehensive files used for identity verification, fraud detection, and Know Your Customer (KYC) compliance.

Social media and digital footprint data is incorporated into profiles through web scraping, data partnerships, and open-source intelligence (OSINT) collection techniques. While LexisNexis is less aggressive than some competitors in social media scraping, its digital data holdings are substantial and growing. The company's Accurint platform provides social media search capabilities that allow investigators to identify social media accounts associated with a specific individual, bridging the gap between real-world identity and online presence.

Identity resolution technology allows LexisNexis to link fragmented data across sources into unified individual profiles. The company's identity graph technology connects records even when they contain different name spellings, addresses, or other identifiers, building comprehensive profiles that follow individuals across their lifetime.

Facial recognition capabilities are available through certain Accurint configurations, which provide access to driver's license photographs and other facial image databases. This capability effectively provides clients with a photo identification tool linked to the company's broader people-search database.

Jail booking data and arrest records are collected from law enforcement agencies nationwide and integrated into profiles. This includes mugshot photographs, booking charges, arrest dates, and facility information. The inclusion of arrest data, which may reflect charges that were later dropped or resulted in acquittal, creates persistent records that follow individuals regardless of legal outcome.

Death records and historical data extend profiles beyond living individuals, maintaining records on deceased persons that can be used for fraud prevention but also create privacy concerns for surviving family members whose information appears in associated records.

Insurance claims data is maintained through the CLUE (Comprehensive Loss Underwriting Exchange) database, one of the most impactful but least understood data products in the consumer data ecosystem. CLUE contains seven years of auto and property insurance claims history for virtually every insured American. Insurance companies check CLUE before issuing policies, meaning a single claim, even one that was not the consumer's fault, can follow an individual across insurance applications for seven years, resulting in higher premiums or coverage denial.

The cumulative effect of this multi-source collection is a surveillance database of extraordinary breadth. For any given American adult, LexisNexis likely holds their current and historical addresses, phone numbers, email addresses, relatives, associates, property ownership, vehicle registrations, court records, professional licenses, voter registration, and potentially their driving behavior, facial image, and employment history. This profile exists regardless of whether the individual has ever interacted with LexisNexis or consented to any form of data collection.

Known Clients & Government Contracts

LexisNexis's client base spans law enforcement, intelligence, immigration enforcement, and the private sector:

U.S. Immigration and Customs Enforcement (ICE): LexisNexis's most controversial client relationship is with ICE. Investigations by Georgetown Law's Center on Privacy & Technology and The Intercept revealed that ICE conducted billions of searches against LexisNexis databases, using the company's data to identify, locate, and facilitate the deportation of undocumented immigrants.

The Georgetown analysis found that ICE used LexisNexis data to conduct searches at a rate suggesting mass surveillance rather than targeted investigations, the volume of queries was far too large to be associated with individual case work. The data effectively gave ICE the ability to run broad surveillance sweeps against immigrant communities without the judicial oversight required for traditional law enforcement data requests.

Between 2013 and 2021, ICE's contract with LexisNexis was valued at approximately $22.1 million. The company also held contracts with Customs and Border Protection (CBP) for similar investigative and identity verification purposes.

In 2021, a coalition of civil rights organizations delivered a petition with over 100,000 signatures calling on LexisNexis to terminate its ICE contracts. The company declined, stating that it "provides data and analytics for use by customers for purposes authorized under applicable law." This response illustrated a pattern common in the data broker industry: deflecting responsibility for harmful downstream uses by asserting that the company merely provides tools.

Federal law enforcement: The FBI, DEA, ATF, U.S. Marshals Service, and Secret Service all use LexisNexis databases for investigative purposes. Accurint is standard issue at many federal law enforcement agencies, providing instant access to comprehensive individual profiles.

State and local law enforcement: Over 10,000 law enforcement agencies across the United States use LexisNexis products. Accurint is widely regarded as the default people-search tool in American policing, used for everything from routine background checks to complex investigations. The widespread adoption of Accurint means that any police officer in America can instantly access a comprehensive dossier on virtually any adult in the country, including their current address, phone number, vehicle, relatives, associates, and in some cases their photograph, without a warrant, subpoena, or any judicial oversight.

Insurance industry: Major property, casualty, auto, and health insurance companies use LexisNexis for claims investigation, fraud detection, underwriting, and increasingly, for risk-based pricing using driving behavior and other personal data. The company's CLUE (Comprehensive Loss Underwriting Exchange) database tracks insurance claims history on virtually every insured property and vehicle in the United States. The CLUE database contains seven years of claims history for every insured property and vehicle, and insurers routinely check CLUE before issuing policies. A single prior claim can follow a consumer across multiple insurance applications, potentially increasing premiums or resulting in coverage denial.

Financial institutions: Banks and financial services companies use LexisNexis for identity verification, Know Your Customer (KYC) compliance, anti-money laundering screening, and fraud prevention. The company's anti-money laundering solutions screen transactions against sanctions lists, politically exposed persons databases, and adverse media feeds.

Background check industry: LexisNexis data feeds into the background check ecosystem, with its records appearing in employment screening, tenant screening, and volunteer background checks conducted by companies that license LexisNexis data.

Healthcare and pharmaceutical: LexisNexis provides identity verification and fraud detection services to healthcare providers, health insurance companies, and pharmaceutical benefit managers. These relationships expose the company to health-adjacent data that, while not clinical records, can be combined with other data sources to infer health conditions and medical service utilization.

International deployment: LexisNexis Risk Solutions operates in the United Kingdom, Germany, the Netherlands, Australia, and Canada, providing similar data analytics and investigative tools adapted to local regulatory frameworks. The company's international operations serve both private-sector and government clients, extending the Accurint model beyond the United States. In the Netherlands, LexisNexis operates through its parent company RELX's Amsterdam headquarters, providing risk analytics and data services to European financial institutions and government agencies.

In Australia, LexisNexis provides investigative and risk analytics tools to financial institutions, insurance companies, and government agencies, adapted to the Australian regulatory environment including compliance with the Privacy Act 1988. The international expansion means that LexisNexis's model of comprehensive people-search and investigative databases is not limited to the United States but is being replicated across the English-speaking world and beyond.

The sheer breadth of LexisNexis's client base means that an individual's data may be accessed by dozens of different organizations for dozens of different purposes, from a routine insurance quote to an ICE immigration investigation, with the individual having no knowledge of or control over any of these access events.

Debt collection and skip tracing: Debt collection agencies use LexisNexis data to locate debtors who have changed addresses or phone numbers. The ability to track individuals through utility connections, property records, and associate networks makes it extremely difficult for anyone, including those fleeing domestic violence or trying to escape debt harassment, to avoid being located.

Privacy Incidents & Litigation

ICE Mass Surveillance Controversy (2021): Georgetown Law's Center on Privacy & Technology published research documenting that ICE used LexisNexis databases to conduct billions of queries as part of immigration enforcement operations. The research demonstrated that LexisNexis effectively served as a commercial surveillance infrastructure for ICE, enabling searches that would have required judicial authorization if conducted through traditional government databases.

Civil rights organizations including the ACLU, Electronic Frontier Foundation, and National Immigrant Law Center called for LexisNexis to terminate its ICE contracts, arguing that the company was complicit in mass surveillance of immigrant communities. LexisNexis defended the contracts, stating that its tools are used for legitimate law enforcement purposes.

The Georgetown research also documented that ICE agents used LexisNexis to identify and locate individuals who had applied for driver's licenses under state policies designed to allow undocumented immigrants to drive legally. This meant that state policies intended to improve public safety by bringing undocumented immigrants into the licensing system were being undermined by federal agents using commercial data to identify and target those same individuals.

Separately, an investigation by Just Futures Law found that between 2008 and 2023, ICE and CBP spent over $85 million on contracts with data brokers and surveillance technology companies, with LexisNexis receiving among the largest shares. The investigation argued that these contracts represent an end-run around the Fourth Amendment, allowing government agencies to purchase surveillance capabilities that would require warrants if conducted through government systems.

Choicepoint Breach Legacy (2004-2005): LexisNexis acquired Choicepoint in 2008, inheriting the legacy of one of the earliest and most significant data broker breaches. In 2004-2005, criminals created fraudulent Choicepoint accounts and accessed personal information on approximately 163,000 individuals. The breach led to a landmark $15 million FTC settlement and was instrumental in driving state data breach notification laws.

LexisNexis Direct Breach (2005): In a separate incident, LexisNexis itself disclosed unauthorized access to personal records of approximately 310,000 individuals through its Seisint subsidiary. The breach was discovered during the company's internal review prompted by the Choicepoint incident, suggesting that unauthorized access may have gone undetected for an extended period.

The Choicepoint and Seisint breaches were pivotal events in the history of data privacy. Together, they exposed the vulnerability of large-scale personal data aggregation and helped catalyze the first wave of state data breach notification laws across the United States. The California breach notification law (SB 1386), one of the first such statutes, was enacted in 2003, but the Choicepoint breach demonstrated the need for similar laws in every state and provided the political impetus for their passage.

FCRA Violations and Enforcement: LexisNexis has faced multiple enforcement actions related to Fair Credit Reporting Act compliance. The company's data is used in credit-related decisions, employment screening, and tenant screening, all of which trigger FCRA requirements for accuracy, dispute resolution, and permissible purpose limitations.

Consumer advocates have documented numerous cases where LexisNexis data contained errors, wrong criminal records, outdated addresses, incorrect associate links, that led to adverse employment, housing, or insurance decisions for the affected individuals. The National Association of Professional Background Screeners has acknowledged that LexisNexis data, while widely used, requires careful interpretation and verification, an acknowledgment that downstream users of the data do not always heed.

In 2023, a federal jury awarded $2.36 million to a consumer who was denied employment based on an inaccurate LexisNexis background check that attributed someone else's criminal record to the plaintiff. The case demonstrated that LexisNexis's record-matching algorithms can produce false positives with devastating consequences for innocent individuals.

Driving Data Privacy Concerns (2022-2024): LexisNexis's collection and sale of driving behavior data to insurance companies generated significant consumer backlash. The company's Risk Classifier product uses driving behavior data to generate risk scores that insurers use to set premiums, effectively creating a "driving credit score" that most consumers do not know exists. Investigations revealed that many drivers were unaware that their connected vehicles were transmitting detailed driving data to LexisNexis through partnerships with auto manufacturers including General Motors.

In 2024, reports documented that GM had been sharing driving behavior data with LexisNexis without clearly informing vehicle owners, resulting in insurance premium increases for drivers whose data showed hard braking, rapid acceleration, or late-night driving. GM subsequently ended the data-sharing program following public outcry.

Senate Investigation into Data Brokers (2023): LexisNexis was identified in the U.S. Senate investigation into data brokers as a company that sells sensitive personal information with minimal restrictions, including data that enables purchasers to identify and locate specific individuals.

MATRIX Program Legacy: LexisNexis's acquisition of Seisint in 2004 brought with it the infrastructure of the Multistate Anti-Terrorism Information Exchange (MATRIX), a post-9/11 program that combined commercial data with law enforcement records to create a comprehensive surveillance database. Though the MATRIX program was officially shut down in 2005 after civil liberties concerns caused most participating states to withdraw, the underlying data infrastructure and analytical capabilities survived within LexisNexis, forming part of what became the Accurint platform.

Protest Surveillance Concerns: Civil liberties organizations have documented instances where law enforcement agencies used LexisNexis databases to identify individuals who attended protests, linking facial images, license plate data, and social media activity to real identities. While LexisNexis disclaims responsibility for how its data is used by law enforcement clients, the availability of comprehensive people-search tools creates the infrastructure for protest surveillance regardless of the company's stated policies.

Consumer Report Errors and Harm: The National Consumer Law Center has documented numerous cases where errors in LexisNexis consumer reports led to tangible harm: individuals denied employment based on criminal records belonging to a different person with a similar name, insurance applications rejected based on incorrect claims history data, and tenants denied housing based on eviction records that were dismissed or belonged to former residents at the same address.

Wejo Connected Vehicle Data Acquisition: LexisNexis's partnership with Wejo, a connected car data company, gave the data broker access to driving behavior data from millions of vehicles. This data includes trip-level details: where a vehicle traveled, how fast it drove, braking patterns, cornering aggressiveness, and time of day. Insurance companies use this data to create usage-based insurance products, but the collection occurs with minimal consumer awareness.

When drivers discover that their vehicle has been transmitting detailed driving data to a company they have never heard of, the reaction is consistently one of shock and violation. The connected vehicle data pipeline, from auto manufacturer to data aggregator to insurance company, represents a new frontier of surveillance that operates entirely outside traditional privacy frameworks.

Threat Score Analysis

LexisNexis receives a composite threat score of 72/100, reflecting its role as the primary data infrastructure for U.S. law enforcement and its active facilitation of immigration surveillance:

• Data Collection (88/100): LexisNexis maintains one of the most comprehensive people-search databases in the world, with records on an estimated 283 million Americans covering addresses, phone numbers, associates, property, vehicles, court records, financial data, and increasingly, driving behavior and facial images. The breadth of collection approaches total surveillance of the U.S. population.

• Third-Party Sharing (80/100): Data access is provided to over 10,000 law enforcement agencies, federal agencies including ICE and FBI, insurance companies, financial institutions, and background check providers. While access requires client agreements and ostensible permissible purposes, the sheer volume of clients and queries means that LexisNexis data is accessible to a vast network of institutional users.

• Breach History (55/100): The Choicepoint breach (inherited through acquisition) and the 2005 Seisint breach demonstrated the vulnerability of concentrated personal data. While LexisNexis has improved security since these early incidents, the sensitivity and scope of its data holdings make it a perpetual high-value target.

• Government Contracts (75/100): LexisNexis is the default investigative database for American law enforcement. The ICE contracts, enabling billions of queries for immigration enforcement, represent the most documented example of a commercial data broker serving as mass surveillance infrastructure for government agencies. The scale of government access, combined with the absence of judicial oversight for most queries, creates significant civil liberties risks.

• Transparency (30/100): LexisNexis operates behind an institutional facade that obscures the scope of its data collection and sharing from the individuals it profiles. Consumers can request their LexisNexis file under the FCRA, but the process is not widely known, and the file provided may not reflect the full scope of data available to law enforcement and investigative clients. The company's ICE contracts were not publicly disclosed until investigative journalists and academic researchers uncovered them through FOIA requests, demonstrating a pattern of opacity around the most controversial uses of its data.

Weighted calculation: (88 * 0.25) + (80 * 0.25) + (55 * 0.20) + (75 * 0.15) + (30 * 0.15) = 22.0 + 20.0 + 11.0 + 11.25 + 4.5 = 68.75, adjusted to 72 due to the documented role of LexisNexis data in enabling mass immigration surveillance and the company's position as default investigative infrastructure for U.S. law enforcement.

Transparency & Accountability

LexisNexis operates in a accountability structure that is characteristic of the data broker industry but amplified by the company's law enforcement relationships. The fundamental challenge is that LexisNexis controls one of the most comprehensive databases of personal information ever assembled, yet the individuals profiled in that database have limited awareness of its existence and minimal control over its contents.

The FCRA provides some consumer access rights, individuals can request their LexisNexis consumer file and dispute inaccuracies. However, this mechanism is inadequate for several reasons:

• Most consumers are unaware that LexisNexis maintains a file on them
• The FCRA file may not include all data available to law enforcement clients through Accurint
• Disputing inaccuracies is time-consuming and the burden falls entirely on the consumer
• Corrected data may be reintroduced from other sources in subsequent database updates

The company has resisted transparency about its ICE contracts and law enforcement relationships. When Georgetown Law and The Intercept published investigations documenting the scale of ICE's use of LexisNexis data, the company's public response was to defend the contracts without addressing the mass surveillance implications.

LexisNexis's parent company RELX publishes corporate responsibility reports that emphasize the company's commitment to "responsible data use" and legal compliance. However, these reports do not address the fundamental tension between the company's business model, comprehensive surveillance of the American population monetized through data access, and the civil liberties implications of that model.

The driving data controversy exposed a new frontier of accountability gaps. When auto manufacturers share vehicle telemetry with LexisNexis, and LexisNexis sells that data to insurance companies, the chain of data sharing is so long and opaque that consumers have no practical ability to understand, let alone control, how their driving behavior is being collected, scored, and monetized.

Regulatory oversight of LexisNexis is fragmented across the FTC, CFPB, state attorneys general, and data protection authorities in countries where the company operates. The company's size, legal sophistication, and institutional client relationships give it significant leverage in regulatory negotiations.

Congressional scrutiny has increased, with multiple Senate hearings examining the role of data brokers in enabling government surveillance without warrant requirements. However, legislative action has been slow, and LexisNexis and the data broker industry continue to operate under a regulatory framework that was not designed to address the privacy implications of companies that maintain dossiers on every American adult.

The Fourth Amendment's warrant requirement was designed to prevent government access to personal information without judicial oversight. LexisNexis's business model provides a commercial end-run around this constitutional protection: government agencies can purchase access to comprehensive personal dossiers that would require warrants if collected directly, simply by paying a subscription fee to a private data broker. This "third-party doctrine" loophole, under which information shared with a business loses Fourth Amendment protection, has been partially narrowed by the Supreme Court's 2018 Carpenter v. United States decision, but its application to data broker records remains an open and contested legal question.

Until this constitutional and regulatory gap is closed, LexisNexis will continue to function as what civil liberties advocates describe as a "surveillance-as-a-service" provider, a private company that enables government monitoring of the population at a scale and granularity that would be unconstitutional if conducted directly by the state.

The Executive Order on Protecting Americans' Sensitive Personal Data, issued in February 2024, addressed the threat of foreign adversaries accessing Americans' personal data through commercial channels, but did not address the domestic government's use of commercially purchased data to bypass warrant requirements. This omission underscores the political difficulty of constraining domestic surveillance infrastructure that law enforcement agencies have come to depend on.

LexisNexis's $2.7 billion Risk Solutions division continues to grow as law enforcement budgets expand and new data streams become available.

The data broker industry, with LexisNexis at its center, has successfully positioned itself as essential infrastructure that cannot be meaningfully regulated without compromising law enforcement effectiveness. This framing creates a regulatory paralysis: legislators who advocate for data broker restrictions face accusations of being "soft on crime," while the civil liberties implications of unrestricted commercial surveillance continue to expand with each new data source, from driving behavior to connected home devices, that LexisNexis adds to its database.