Breach Releases Personal Details for Millions of U.S. Citizens and Businesses
Have you ever heard of Exactis? According to their website, the company states, “Exactis is a leading compiler and aggregator of premium business and consumer data”. They go on to tout “With over 3.5 billion records (updated monthly), our universal data warehouse is one of the largest and most respected in the digital and direct marketing industry”. That is a ton of data. One would assume they have some serious security in place to keep that information safe. But, we all know how bad it is to assume…
According to a researcher, Vinny Troia, that was certainly not the case. While researching the lack of security of ElasticSearch, another database, he found Exactis was actually leaving business and consumer personal data available to online users, without any form of firewall. The 340 million exposed records included business and consumer names, email addresses, physical addresses, personal likes and dislikes, names of any children, as well as their ages, and more. Although, it is important to note, social security numbers were not listed. Even without having socials posted, if this information was obtained by hackers, they could certainly create false profiles or targeted social engineering attacks.
After being notified of the breach, Exactis worked to resolve the security gap. As of today, the information is no longer available for public viewing. Although, that does not mean damage hasn’t already been done. It remains unclear if the information was found by a malicious third-party. However, Troia states it would not have been difficult to find.
Next Steps
From a consumer perspective, it is important to do the following:
- Keep an eye out for sketchy emails or messaging in social media platforms. Businesses have begun advertising more in messaging on social media sites — which means hackers will be replicating this. Keep an eye out for anything that is too good to be true, and if you’re ever in question — DO NOT CLICK!
- Although identity theft is unlikely with this information, it is still important to monitor your credit card and bank statements. If you find anything questionable, notify your banking institution immediately.
- If you haven’t done so already, you are encouraged to invest in an identity theft protection plan. Often times these are incredibly affordable, and offer family protection. Meaning, you can ensure your information remains secure, as well as your family members.
