A database controlled by a Florida-based marketing and data aggregation company may have been compromised, exposing individual records on nearly 340 million people and businesses.
Security researcher Vinny Troia found that nearly 2 terabytes of data were exposed, which includes records of 230 million consumers and 110 million businesses.
"It seems like this is a database with pretty much every US citizen in it," Troia, founder of the New York-based security firm Night Lion Security, told Wired. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”
If these estimates are accurate, the leak would be even larger than the Equifax data breach of 2017, which exposed the personal data of around 145 million people.
Highly personal information
Although credit card information and Social Security numbers don’t appear to have been leaked, the alleged breach reportedly exposed highly personal information, including phone numbers, home addresses, email addresses.
It also exposed more than 400 personal characteristics, including interests, habits, if the person owns a dog or cat, and the age and gender of the person’s children. Wired noted that in some cases, the information may have been inaccurate or outdated.
Despite the fact that no financial information was included, experts say that the wide range of personal data revealed could still make it possible for bad actors to create a more complete profile of individuals or help scammers steal identities.
Troia said he informed Exactis and the FBI that he was able to access the database on the internet earlier this month. The data is no longer publicly accessible. Exactis has not yet confirmed the leak.