Exactis Data Breach, How the Marketing Giant was Hacked

Posted on by David Lukic in Data Breaches December 29, 2020

Before June of 2018, most people had never heard of a company called Exactis. The Florida marketing firm aggregates and sells lists of data. Evidently, they have and store more than 3.5 billion business and consumer records. Exactis was founded privately in 2015. The Exactis data breach was discovered by security expert Vinny Troia who was testing the security protocols of ElasticSearch. He used a tool called Shodan and found 7,000 databases that were accessible on public servers. Shockingly the Exactis database was entirely unsecured and accessible. More than 340 million records were out in the open for anyone to steal, with these numbers, The Data Breach is arguably the biggest one by a marketing firm. Upon discovering the records, Troia contacted the FBI and Exactis. The Exactis data breach is disturbing due to the depth of information included. Not only were there U.S. citizens’ names, email addresses, and phone numbers, there were also 400 entries of data per person. Things like the list below were included: 

  • Various physical addresses.

  • Number, age, and gender of their children.

  • Smoking habits.

  • Religious affiliation.

  • Pet preferences.

  • Even things like scuba diving certifications.

The data appears to be collated from every survey every citizen and businessperson ever took. 

exactis data breach

When Was Exactis Data Breach?

It is unclear how long the records have been publicly available, but the company was started in 2015, so we can assume at least a number of years up until June of 2018 when Exactis removed it after the breach was discovered. 

Exactis Data Breach, Am I Affected?

Unfortunately, Exactis has been closed-mouthed over this incident, and they have not provided any way (online or via phone) for consumers to check to see if they were included. However, FBI impressions where the data appears to include every U.S. citizen, so, therefore, assume you were involved in the Exactis data breach. 

What to Do if Your Data Was Breached by Exactis Hack

Although it is not clear that any nefarious individuals actually found and copied the data, experts assume they did. The vast nature of the data included and the potential for marketing purposes should put you on high alert. Here are some tips: 

  • Be extra watchful for spam or phishing emails. Always check the “from” address to see who it is really coming from. 

  • Keep your devices updated with antivirus software and run scans often.

  • Sign up for credit monitoring and fraud alerts with a reputable company like IDStrong.com.

  • Monitor your credit card and bank statements carefully.

Exactis Data Breach Lawsuit

Soon after the Exactis leak of 340 billion records, Morgan & Morgan, a national law firm, filed a lawsuit against Exactis in Jacksonville, Florida. They are asking for a large settlement to compensate each victim. However, due to the recentness of the incident, nothing has been decided, and no settlements have been issued yet. 

Can The Exactis Data Breach Cause Identity Theft?

Despite the fact that no financial information was stolen, and it doesn’t appear that social security numbers were included in the data set, the sheer volume of character details exposes all Americans to phishing scams and marketing ploys, which could infect their computer with a virus or ransomware or worse. You should take immediate steps to secure your private information and your digital life. 

exactis data breach check

What to Do to Protect Yourself Against Future Exposure

Exactis is a data aggregator, and not one of the victims actually provided their information to them, it came from other sources. Therefore, you must be extremely diligent in keeping your personal details safe these days. Some of the ways to stay safe are:

  • Keep your computer and other devices updated with antivirus software and run deep scans often. 

  • Watch out for phishing emails that prompt you to click a link or open an attachment.

  • Monitor your bank and credit card statements and sign up for credit monitoring as well.

  • Reset your online passwords often with very complex, hard-to-guess passwords

  • Never give out your personal details to anyone unless you know them well.

About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in the fina... Read More

What is an Accidental Web Exposure and How to Prevent Data Leakage

Data breaches take many forms, and one of them is through accidental web exposure and data leakage. Milli... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, 2015 an... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. What start... Read More

Scan Your Records for Breaches, Leaks & Exposures!