The personal information of about 230 million consumers and the records of 110 million businesses were discovered left unprotected on a publicly accessible server.
Wired reported that Exactis, a data broker based in Palm Coast, Florida, left close to 2 terabytes of data unprotected, which appears to include personal information on hundreds of millions of American adults, as well as millions of businesses. The exposed information doesn’t appear to contain credit card information or social security numbers.
The Exactis leak is unlike other notable data breaches where personal data was stolen by malicious hackers. Still, the type of personal information contained in the Exactis breach could aid scammers in impersonating consumers in attempts to steal their identity.
The data exposed includes phone numbers, home addresses, email addresses, and personal characteristics such as the consumer’s interests and habits and the number, age and gender of the person’s children.
Each record contains entries beyond contact information and public records. It includes a range of characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel.
On its website, Exactis claims to possess data on 218 million individuals, including 110 million U.S. households, and 3.5 billion consumer, business and digital records.
If the Exactis exposure does result in the leak of the personal information of 230 million consumers, it would be one of the largest unprotected databases in years. It will be bigger than 2017’s Equifax breach, where about 148 million people had their personal information stolen.