Exactis Data Breach, How the Marketing Giant was Hacked

  • By David Lukic
  • Dec 29, 2020

Before June of 2018, most people had never heard of a company called Exactis. The Florida marketing firm aggregates and sells lists of data. Evidently, they have and store more than 3.5 billion business and consumer records. Exactis was founded privately in 2015. The Exactis data breach was discovered by security expert Vinny Troia who was testing the security protocols of ElasticSearch. He used a tool called Shodan and found 7,000 databases that were accessible on public servers. Shockingly the Exactis database was entirely unsecured and accessible. More than 340 million records were out in the open for anyone to steal, with these numbers, The Data Breach is arguably the biggest one by a marketing firm. Upon discovering the records, Troia contacted the FBI and Exactis. The Exactis data breach is disturbing due to the depth of information included. Not only were there U.S. citizens’ names, email addresses, and phone numbers, there were also 400 entries of data per person. Things like the list below were included: 

  • Various physical addresses.

  • Number, age, and gender of their children.

  • Smoking habits.

  • Religious affiliation.

  • Pet preferences.

  • Even things like scuba diving certifications.

The data appears to be collated from every survey every citizen and businessperson ever took. 

exactis data breach

When Was Exactis Data Breach?

It is unclear how long the records have been publicly available, but the company was started in 2015, so we can assume at least a number of years up until June of 2018 when Exactis removed it after the breach was discovered. 

Exactis Data Breach, Am I Affected?

Unfortunately, Exactis has been closed-mouthed over this incident, and they have not provided any way (online or via phone) for consumers to check to see if they were included. However, FBI impressions where the data appears to include every U.S. citizen, so, therefore, assume you were involved in the Exactis data breach. 

What to Do if Your Data Was Breached by Exactis Hack

Although it is not clear that any nefarious individuals actually found and copied the data, experts assume they did. The vast nature of the data included and the potential for marketing purposes should put you on high alert. Here are some tips: 

  • Be extra watchful for spam or phishing emails. Always check the “from” address to see who it is really coming from. 

  • Keep your devices updated with antivirus software and run scans often.

  • Sign up for credit monitoring and fraud alerts with a reputable company like IDStrong.com.

  • Monitor your credit card and bank statements carefully.

Exactis Data Breach Lawsuit

Soon after the Exactis leak of 340 billion records, Morgan & Morgan, a national law firm, filed a lawsuit against Exactis in Jacksonville, Florida. They are asking for a large settlement to compensate each victim. However, due to the recentness of the incident, nothing has been decided, and no settlements have been issued yet. 

Can The Exactis Data Breach Cause Identity Theft?

Despite the fact that no financial information was stolen, and it doesn’t appear that social security numbers were included in the data set, the sheer volume of character details exposes all Americans to phishing scams and marketing ploys, which could infect their computer with a virus or ransomware or worse. You should take immediate steps to secure your private information and your digital life. 

exactis data breach check

What to Do to Protect Yourself Against Future Exposure

Exactis is a data aggregator, and not one of the victims actually provided their information to them, it came from other sources. Therefore, you must be extremely diligent in keeping your personal details safe these days. Some of the ways to stay safe are:

  • Keep your computer and other devices updated with antivirus software and run deep scans often. 

  • Watch out for phishing emails that prompt you to click a link or open an attachment.

  • Monitor your bank and credit card statements and sign up for credit monitoring as well.

  • Reset your online passwords often with very complex, hard-to-guess passwords

  • Never give out your personal details to anyone unless you know them well.

About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What is an Incident Response?

What is an Incident Response?

What is an Incident Response? After a bank heist, the work begins with specialized teams and plans engaged, allowing for analysis of the event, and from this analysis, the bank can prepare a response to the incident.

What is a Social Engineering Attack? Techniques and Ways to Prevent

What is a Social Engineering Attack? Techniques and Ways to Prevent

Everyone has received a spam text or email at some point. Their hallmarks are widely known; they often include poor or strange grammar, suspicious links, suggested connections with companies or people, or random individuals asking for help in some capacity.

Side Channel Attack: Everything You Need To Know

Side Channel Attack: Everything You Need To Know

Every year, millions of people get victimized by data breaches. Criminals steal their data from the network environments of organizations, vendors, providers, institutions, and governments; with ever-increasing frequency, cybercriminals are making big moves in the cyber wars—and making billions of dollars. 

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Close
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close