Exactis Data Breach, How the Marketing Giant was Hacked
Table of Contents
- By David Lukic
- Dec 29, 2020
Before June of 2018, most people had never heard of a company called Exactis. The Florida marketing firm aggregates and sells lists of data. Evidently, they have and store more than 3.5 billion business and consumer records. Exactis was founded privately in 2015. The Exactis data breach was discovered by security expert Vinny Troia who was testing the security protocols of ElasticSearch. He used a tool called Shodan and found 7,000 databases that were accessible on public servers. Shockingly the Exactis database was entirely unsecured and accessible. More than 340 million records were out in the open for anyone to steal, with these numbers, The Data Breach is arguably the biggest one by a marketing firm. Upon discovering the records, Troia contacted the FBI and Exactis. The Exactis data breach is disturbing due to the depth of information included. Not only were there U.S. citizens’ names, email addresses, and phone numbers, there were also 400 entries of data per person. Things like the list below were included:
Various physical addresses.
Number, age, and gender of their children.
Even things like scuba diving certifications.
The data appears to be collated from every survey every citizen and businessperson ever took.
When Was Exactis Data Breach?
It is unclear how long the records have been publicly available, but the company was started in 2015, so we can assume at least a number of years up until June of 2018 when Exactis removed it after the breach was discovered.
Exactis Data Breach, Am I Affected?
Unfortunately, Exactis has been closed-mouthed over this incident, and they have not provided any way (online or via phone) for consumers to check to see if they were included. However, FBI impressions where the data appears to include every U.S. citizen, so, therefore, assume you were involved in the Exactis data breach.
What to Do if Your Data Was Breached by Exactis Hack
Although it is not clear that any nefarious individuals actually found and copied the data, experts assume they did. The vast nature of the data included and the potential for marketing purposes should put you on high alert. Here are some tips:
Be extra watchful for spam or phishing emails. Always check the “from” address to see who it is really coming from.
Keep your devices updated with antivirus software and run scans often.
Sign up for credit monitoring and fraud alerts with a reputable company like IDStrong.com.
Monitor your credit card and bank statements carefully.
Exactis Data Breach Lawsuit
Soon after the Exactis leak of 340 billion records, Morgan & Morgan, a national law firm, filed a lawsuit against Exactis in Jacksonville, Florida. They are asking for a large settlement to compensate each victim. However, due to the recentness of the incident, nothing has been decided, and no settlements have been issued yet.
Can The Exactis Data Breach Cause Identity Theft?
Despite the fact that no financial information was stolen, and it doesn’t appear that social security numbers were included in the data set, the sheer volume of character details exposes all Americans to phishing scams and marketing ploys, which could infect their computer with a virus or ransomware or worse. You should take immediate steps to secure your private information and your digital life.
What to Do to Protect Yourself Against Future Exposure
Exactis is a data aggregator, and not one of the victims actually provided their information to them, it came from other sources. Therefore, you must be extremely diligent in keeping your personal details safe these days. Some of the ways to stay safe are:
Keep your computer and other devices updated with antivirus software and run deep scans often.
Watch out for phishing emails that prompt you to click a link or open an attachment.
Monitor your bank and credit card statements and sign up for credit monitoring as well.
Reset your online passwords often with very complex, hard-to-guess passwords.
Never give out your personal details to anyone unless you know them well.