A New Data Breach May Have Exposed Personal Information of Almost Every American Adult
Exactis data leak reportedly contained detailed information on 230 million consumers.
28 Jun 2018 – A little-known Florida company may have exposed the personal data of nearly every American adult, according to a new report.
Wired reported Wednesday [27 Jun] that Exactis, a Palm Coast, Fla.-based marketing and data-aggregation company, had exposed a database containing almost 2 terabytes of data, containing nearly 340 million individual records, on a public server. That included records of 230 million consumers and 110 million businesses.
“It seems like this is a database with pretty much every U.S. citizen in it,” security researcher Vinny Troia, who discovered the breach earlier this month, told Wired. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” he said.
While the database apparently does not include credit-card numbers or Social Security numbers, it does include phone numbers, email and postal addresses as well as more than 400 personal characteristics, such as whether a person is a smoker, if they own a dog or cat, their religion and a multitude of personal interests. Even though no financial information was included, the breadth of personal data could make it possible to profile individuals or help scammers steal identities.
Troia told Wired that he was easily able to access the database on the internet, and in theory, plenty of other people could have too. He said he warned Exactis and the FBI about the vulnerability, and the data is no longer publicly accessible.
On its website, Exactis said it maintained 3.5 billion consumer, business and digital records, including “demographic, geographic, firmographic, lifestyle, interests, CPG, automotive, and behavioral data.” The company said it has data on 218 million individuals and 110 million U.S. households.
There are about 325 million residents in the U.S., with about 244 million adults and 126 million households, according to the U.S. Census Bureau.
Exactis did not immediately respond when asked to confirm the breach.
If confirmed, the data leak would be one of the largest in history, and far bigger than the Equifax data breach last year that exposed the personal information of about 148 million consumers.
While technically not a breach, Facebook Inc. FB, -0.97% said in March that most of its 2 billion users had their personal data “improperly shared” without their permission, including about 87 million profiles that were scraped by Cambridge Analytica.
DISCLAIMER: In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.
Join the discussion!
We welcome debate and dissent, but personal — ad hominem — attacks (on authors, other users or any individual), abuse and defamatory language will not be tolerated. Nor will we tolerate attempts to deliberately disrupt discussions. We aim to maintain an inviting space to focus on intelligent interactions and debates.