What is Exactis and how could it have leaked the data of nearly every American?

“A company you’ve likely never heard of allegedly exposed some of the most personal data of ‘pretty much every U.S. citizen,’ a security researcher said on Wednesday,” Kari Paul reports for MarketWatch. “Exactis, a major data company based in Palm Coast, Fla., allegedly leaked the data of 340 million individuals, according to the security researcher Vinny Troia, who discovered what he described as a breach earlier this month. The records exposed comprise nearly two terabytes of data, according to a report from Wired published Wednesday.”

“The data in question does not include payment information or Social Security numbers but does include email addresses, home addresses, and phone numbers as well as other personal information like habits, hobbies and the number, ages, and genders of the person’s children,” Paul reports. “Exactis did not respond to multiple requests by MarketWatch for comment. The exactis.com website was not loading in the early hours of Thursday.”

“Exactis LLC is a compiler and aggregator of business and consumer data, with a ‘universal data warehouse’ that stores 3.5 billion consumer, business and digital records, updated monthly. The privately held company, founded in 2015, has corporate offices in Florida, California and New York, and has just 10 employees, according to the company’s LinkedIn profile,” Paul reports. “Chief Executive Steve Hardigree has been with Exactis since September 2015, according to LinkedIn. He is also presently the CEO of business-to-business data supplier BrightSpeed, which compiles 50 million business-level contacts daily for direct mail prospecting and telemarketing.”

“Exactis gets information on users through cookies, small packets of data sent out by a website when a user visits it and stored in that user’s data, according to Mark Weinstein, privacy expert and founder of social media site MeWe,” Paul reports. “‘As cookies track everything we do around the web, they sync together, pinging each other and sharing the data they have on you and requesting the sites you visit to do the same,’ he said. ‘Today’s cookies can link your mobile phone to your laptop, to your home monitoring devices, and much, much more. Creepy? Scary? Orwellian? Yes, yes, yes! So imagine that Exactis, like Facebook et al., knows everything about you — really.’”

Read more, including tips for what you can do to try to protect your privacy, in the full article here.

MacDailyNews Take: And Exactis will likely get away with this security debacle scot-free.

Exactis leak exposes 340 million personal records: Phone numbers, home addresses and religious beliefs were publicly accessible – June 28, 2018
Equifax’s latest breach is very possibly the worst leak of personal info ever – September 8, 2017
Beleaguered Yahoo faces U.S. SEC probe over data breaches – January 23, 2017
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
1.16 million more reasons why Apple Pay is the future: Staples’ security breach payment card debacle – December 20, 2014
Judge rules banks can sue Target over credit card breach; Apple Pay value proposition intensifies – December 8, 2014
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014


  1. Who here would love to see the top execs of this company continuously ‘Red Hen’d’ (like Sarah Sanders) every day for the next 5 or so years?

    We need to train these people and making their lives miserable (in a lawful way) is in my opinion, a good start.

    Would also love to see the personal data of these top execs made public.

      1. I’m no Marxist, not by a long shot. Actually would love to destroy it.

        I am frigging sick and effing tired of companies mishandling our personal data. I don’t know the best way to stop it other than 1) Making the lives of these execs a living (in a lawful way) hell. This would ‘train’ future execs to have their tech ‘experts’ find better ways to protect personal data. or 2) Passing a law that totally prohibits all personal data from being collected on the internet.

        We had a proposition here in CA that was going to be on the ballot that would have severely restricted companies from tracking us but guess what? Facebook, Google, et al. lobbied the CA government and they were ‘able’ to quickly craft together a bill that wasn’t so restrictive and get it passed. Think it passed this past Thursday and the prop was removed from the ballot.

        Thought Democrats were for the ‘little’ people? News flash: They aren’t. They (CA Dems) kowtowed to these companies.

  2. Such a small company, with so much data. Wow. Anyone can do this, and the governments have no clew, or they’re in on it too. Okay folks, time to change our phone numbers, emails, hobbies, genders and ages of children… Not so easy as changing passwords, is it? The more data these companies get, the more they should have to pay us for its usage. Of course, they’ll never do that, so them being in a sort of spotlight will have to do, until someone with some power wakes up and gets rid of them. It won’t be governments, though, and it won’t be big companies either.


  3. I thought we were told back when “Cookies” started that it was an anonymous way of tracking interests. Just tied to the computer.

    When did that change and how was the general public notified?

  4. Please, call Exactis for what it is: A domestic spy agency. The NSA and the other 17 gov. spy agencies simply buy from scammers such as Exactis whatever they can’t get legally on you.

    Seems like the US is one large corporate/governmental spy state.

    1. Exactly where did you dig THIS paranoia-driven idea from? Like NSA (or any other governmental agency) needs to know or buy such trivial, easily obtainable data. Good luck getting your mail delivered when no one knows your so-secret name and address.

    2. Uh, if the US government can’t legally obtain information on you, exactly how does their ability to buy that information from a third party alter its illegality?

  5. And raise your hand if you optioned into these spy programs. No? I thought so. That’s how ubiquitous and comprehensive US Fascism is. It’s indeed fascism.

  6. “Exactis LLC is a compiler and aggregator of business and consumer data, with a ‘universal data warehouse’ that stores 3.5 billion consumer, business and digital records, updated monthly.”

    Read that again folks, “stores 3.5 billion consumer, business and digital records”. Holy Fock!!! That’s half the people on the planet and we worry about the NSA???

    I sure bet they didn’t only leak US citizens details, this’ll be worldwide. How many other data collectors are there out there?

    1. That’s 3.5 billion records, not people. But they admitted to leaking the records of 340 million people. They employ ten people. Ten! Perhaps they should consider hiring a competent cybersecurity firm. Perhaps, also, they should start worrying about being investigated or sued. These ten people are some of the folks – I hesitate to call them scumbags as they may be, apart from their ethical shortcomings, otherwise upstanding citizens – who generate the junk mail, robocalls, email spam, and other encroachments on what used to be our liberty to be left alone. They do not do all this by themselves because there are only ten of them. Ten! Obviously they sell it to anyone with money. That is an ethical shortcoming. Those ten men retain their privacy yet profit from violating ours in surreptitious ways.

      1. I should expect traders in private information should be shamed. Such a pity, it is, that the public stocks went out of fashion. It’s said that there were far more miscreants than punishment stations, leading to their abolition. Ah, but these days, there seems to be little shame, as if God had looked the other way the last ten years and we all took advantage.
