The personal and behavioral information of about 230 million consumers and the records of 110 million businesses were discovered left unprotected on a publicly accessible server that was used by data broker Exactis to house its database.
Wired reported that the Florida-based marketing company left close to 2 terabytes of data unprotected, which appears to include personal information on hundreds of millions of American adults, as well as millions of businesses. The data exposed doesn’t appear to contain credit card information or social security numbers.
The Exactis leak is unlike other notable data breaches where personal data was stolen by malicious hackers.
If accessed by hackers, the type of personal and behavioral information contained in the Exactis data could aid scammers in impersonating consumers in attempts to steal their identity. Cybercriminals can also directly target consumers with more precise or personalized phishing emails and other scams based on information gleaned from the database.
The data exposed includes phone numbers, home addresses, email addresses, and other highly personal characteristics such as their interests and habits and the number, age and gender of the person’s children.
Each record contains information that is much more detailed behavioral data, such as whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel.
On its website, Exactis claims to possess data on 218 million individuals, including 110 million U.S. households, and 3.5 billion consumer, business and digital records.
If the Exactis exposure does result in the leak of the personal information of 230 million consumers, it would be one of the largest unprotected databases in years. It will be bigger than 2017’s Equifax breach, where about 148 million people had their personal information stolen.