ShellCodeX Breach Report
Lexipol Data Breach
lexipol.com
Verified breach
Sensitive
Passwords exposed
Accounts exposed
672,546
Breach date
11 Feb 2025
Added to tracker
19 Mar 2025
Data classes
5
What happened
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
Exposed data
Email addresses
Names
Passwords
Phone numbers
Usernames
Recommended actions
- Change your Lexipol password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Lexipol โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP