Exactis, a major data company based in Palm Coast, Florida, has reportedly exposed highly personal information, such as people's phone numbers, home and email addresses, interests and the number, age and gender of their children. Credit card information and Social Security numbers don't appear to have been leaked. Security researcher Vinny Troia doesn't know where the data is coming from, "but it's one of the most comprehensive collections I've ever seen."
Exactis hasn't confirmed the leak, and the data is reportedly no longer accessible, which makes it difficult to know exactly how many people are affected. But Troia found two versions of the database that each had around 340 million records, with roughly 230 million on consumers and 110 million on business contacts. Exactis’ website says that there are over 3.5 billion consumer, business, and digital records.
Every record reportedly has entries that include more than 400 variables on characteristics like whether the person smokes, what their religion is and whether they have dogs or cats.
If the Exactis leak does in fact include 230 million people's information, that would make it one of the largest in years, bigger even than 2017's Equifax breach of 145.5 million people's data, though smaller than the Yahoo hack that affected 3 billion accounts, revealed last October. (It's worth emphasizing that in the case of the Exactis leak, unlike in those earlier data breaches, the data wasn't necessarily stolen by malicious hackers, only publicly exposed on the internet.) But like the Equifax breach, the vast majority of people included in the Exactis leak likely have no idea they're in the database.
Just because people's financial information or Social Security numbers weren't leaked doesn't mean they're not at risk for identity theft. The amount of personal information that was exposed could still help scammers impersonate or profile them.
"The likelihood of financial fraud is not that great, but the possibility of impersonation or profiling is certainly there," says Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center. He notes that while some of the data is available in public records, much of it appears to be the sort of nonpublic information that data brokers aggregate from sources like magazine subscriptions, credit card transaction data sold by banks, and credit reports.
While the security breach seems to be very extensive and scary, there are still steps you can take either to confirm that your data is compromised or to keep it from being compromised.