Exactis Data Breach: One of the Biggest in 2018

Have you heard of the Exactis data breach that happened two years ago? It was one of the biggest breaches that happened in 2018.

But this breach was not the work of elite hackers or identity thieves. It was caused by the marketing company itself, which left its database without a firewall.

Thus, the personal data of about 340 million Americans was exposed. That means it affected about 45% more Americans than the 2017 Equifax breach.

So, let us take a look at some facts about what happened with the Exactis data breach.

What is Exactis?

Exactis is a data broker and marketing firm based in Palm Coast, Florida. Selling premium business and consumer data is one of its main businesses.

Its records covered 218 million individuals and 110 million US households.

Also, it boasts of having more than 3.5 billion consumer, business, and digital records. And it is said that these records are updated every month.

Thus, the company boasts of having the largest and most respected data warehouse across the whole digital and direct marketing sector.

So, Exactis runs on data. It provides hundreds of categories, such as demographic, geographic, and behavioral data, interests, and more.

Discovering the Breach

In June 2018, Vinny Troia tested the security of the database Elasticsearch. He did it with the help of the search tool called Shodan.

With this, Troia found 7,000 databases that were accessible on public servers. One of these belonged to Exactis and was unprotected by any firewall.

Then, while checking, he noticed Exactis had two versions of its database. One of them was only added while he was observing its servers.

Further, both databases had 340 million records, split into 230 million consumers and 110 million business contacts.

So, he checked the accuracy of the data, then contacted both Exactis and the FBI.

Leaked Information

As mentioned, the Exactis data breach affected 340 million Americans’ data. This data amounted to up to 2 terabytes.

Two-thirds of this data came from individuals, and the remaining third from businesses and companies all over the nation.

Social Security numbers and credit card numbers were not exposed. Even so, the data was still very detailed.

Some of the leaked information:

  • name
  • age
  • gender
  • phone numbers
  • home address
  • e-mail address

Aside from the basic information, there was also a wide range of very specific data, such as:

  • interests
  • habits
  • religion
  • whether the person smokes
  • whether the person has dogs or cats
  • children’s gender

So even though there weren’t any Social Security numbers, the leak is still very serious. It was also one of the biggest of the year.

Cybercriminals can use this data for various forms of social engineering. Impersonation and profiling are also very likely.

But although millions of Americans were affected by this data breach, none of them were alerted. Exactis did not give them a way to check whether their data was leaked.

So, this was another lesson learned in 2018: a lack of regulation around privacy and data collection in the US is very dangerous.

