The Exactis Data Breach: What Consumers Need to Know

By Gary Davis on Jun 28, 2018

There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. That is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...


  1. Gary, is it possible to add inaccurate information to the public information, allowing only some trusted sources (bank, utilities, state agencies, etc.) to have the correct information?
    The goal here would be to make breaches such as Exactis less useful for unlawful activities, while giving targeted ads a larger but still accurate target.

  2. What does it mean when I look up anything online on my home computer and it comes up double at the top of my screen? Is it possible my computer has been cleaned? If so, how do I find out and fix it?
    Thank You

  3. I wonder if Exactis deliberately exposed this information and called it a “data-breach” to cover up their deliberate operation to profit from exposing millions of user data. Surely, by now, with all the other data breaches, i.e. Equifax, there are new compliance regulations that data collection houses must use to routinely monitor their databases.

    Just a thought.

  4. Thank you for this heads up. Much needed in today’s world for us all to protect ourselves.
