Security lock

Major Breach Impacts 340 Million American Customers and Businesses

Breach Releases Personal Details for Millions of U.S. Citizens and Businesses

Have you ever heard of Exactis?  According to their website, the company states, “Exactis is a leading compiler and aggregator of premium business and consumer data”.  They go on to tout “With over 3.5 billion records (updated monthly), our universal data warehouse is one of the largest and most respected in the digital and direct marketing industry”.  That is a ton of data.  One would assume they have some serious security in place to keep that information safe.  But, we all know how bad it is to assume…

According to a researcher, Vinny Troia, that was certainly not the case.  While researching the lack of security of ElasticSearch, another database, he found Exactis was actually leaving business and consumer personal data available to online users, without any form of firewall.   The 340 million exposed records included business and consumer names, email addresses, physical addresses, personal likes and dislikes, names of any children, as well as their ages, and more.  Although, it is important to note, social security numbers were not listed.  Even without having socials posted, if this information was obtained by hackers, they could certainly create false profiles or targeted social engineering attacks.

After being notified of the breach, Exactis worked to resolve the security gap.  As of today, the information is no longer available for public viewing.  Although, that does not mean damage hasn’t already been done.  It remains unclear if the information was found by a malicious third-party.  However, Troia states it would not have been difficult to find.

Next Steps

From a consumer perspective, it is important to do the following:

  • Keep an eye out for sketchy emails or messaging in social media platforms.  Businesses have begun advertising more in messaging on social media sites — which means hackers will be replicating this.  Keep an eye out for anything that is too good to be true, and if you’re ever in question — DO NOT CLICK!
  • Although identity theft is unlikely with this information, it is still important to monitor your credit card and bank statements.  If you find anything questionable, notify your banking institution immediately.
  • If you haven’t done so already, you are encouraged to invest in an identity theft protection plan.  Often times these are incredibly affordable, and offer family protection.  Meaning, you can ensure your information remains secure, as well as your family members.

 14,499 total views,  2 views today

(Visited 1 times, 1 visits today)

8 thoughts on “Major Breach Impacts 340 Million American Customers and Businesses”

  1. I concur.
    These companies actually have employees that could steal our information, or worse download the information and send it off to the theeves that use it for no good. Espionage is worse than what a hacker gets access too. Just think about how long it takes to download data of 340 million people…

  2. Don’t trust anyone! You are responsible for your own self, no one else is or should be. Get your own protection, firewalls, etc. Don’t allow anyone to have control over your information by giving out any of it to anyone. Only do business with those who have protections in place when you do give information. If the Internet gets too vulnerable we could all go back to “in person” business actions or by ‘postal mail’.

  3. Whatever the numbers, for this to have happened is inexcusable. The management and the whole IT department should be sacked and prosecuted for criminal negligence for not following basic data protection procedures.

  4. How could that breach affect 340 million Americans when the population of America in 2018 is given as a little over 320 million.

    1. @D. Swift: The article states: “340 million exposed records included business and consumer names…” Therefore, the reason for the high head count.

  5. Quote: “If you haven’t done so already, you are encouraged to invest in an identity theft protection plan.”

    Can’t believe you would recommend this after most ever other security site says they are a waste of money. Unless you know one that actually works, in which case you should let us know.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.