“A company you’ve likely never heard of allegedly exposed some of the most personal data of ‘pretty much every U.S. citizen,’ a security researcher said on Wednesday,” Kari Paul reports for MarketWatch. “Exactis, a major data company based in Palm Coast, Fla., allegedly leaked the data of 340 million individuals, according to the security researcher Vinny Troia, who discovered what he described as a breach earlier this month. The records exposed comprise nearly two terabytes of data, according to a report from Wired published Wednesday.”
“The data in question does not include payment information or Social Security numbers but does include email addresses, home addresses, and phone numbers as well as other personal information like habits, hobbies and the number, ages, and genders of the person’s children,” Paul reports. “Exactis did not respond to multiple requests by MarketWatch for comment. The exactis.com website was not loading in the early hours of Thursday.”
“Exactis LLC is a compiler and aggregator of business and consumer data, with a ‘universal data warehouse’ that stores 3.5 billion consumer, business and digital records, updated monthly. The privately held company, founded in 2015, has corporate offices in Florida, California and New York, and has just 10 employees, according to the company’s LinkedIn profile,” Paul reports. “Chief Executive Steve Hardigree has been with Exactis since September 2015, according to LinkedIn. He is also presently the CEO of business-to-business data supplier BrightSpeed, which compiles 50 million business-level contacts daily for direct mail prospecting and telemarketing.”
“Exactis gets information on users through cookies, small packets of data sent out by a website when a user visits it and stored in that user’s data, according to Mark Weinstein, privacy expert and founder of social media site MeWe,” Paul reports. “‘As cookies track everything we do around the web, they sync together, pinging each other and sharing the data they have on you and requesting the sites you visit to do the same,’ he said. ‘Today’s cookies can link your mobile phone to your laptop, to your home monitoring devices, and much, much more. Creepy? Scary? Orwellian? Yes, yes, yes! So imagine that Exactis, like Facebook et.al, knows everything about you — really.'”
Read more, including tips for what you can do to try to protect your privacy, in the full article here.
MacDailyNews Take: And Exactis will likely get away with this security debacle scot-free.
Exactis leak exposes 340 million personal records: Phone numbers, home addresses and religious beliefs were publicly accessible – June 28, 2018
Equifax’s latest breach is very possibly the worst leak of personal info ever – September 8, 2017
Beleaguered Yahoo faces U.S. SEC probe over data breaches – January 23, 2017
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
1.16 million more reasons why Apple Pay is the future: Staples’ security breach payment card debacle – December 20, 2014
Judge rules banks can sue Target over credit card breach; Apple Pay value proposition intensifies – December 8, 2014
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014