A data and marketing aggregating firm leaked a database of personal information "with pretty much every U.S. citizen in it" that was accessible by any hacker who knew where to look, according to security researcher Vinny Troia, Wired reported.
Troia, who owns a New York-based security firm, discovered the breach of nearly 340 million individual records stored on a publicly accessible server this month. The information was stored by data broker Exactis, based in Palm Coast, Florida, and appears to include private information on adults as well as businesses. The database is not reported to include credit card information or Social Security numbers.
The database does, however, include loads of personal information on individuals including "phone numbers, home addresses, email addresses and other highly personal characteristics for every name," according to Wired. It also has more than 400 personal characteristics, such as whether or not a person owned a dog or a cat, whether they smoked, their religion and personal details such as an interest in scuba diving or plus-sized clothing.
"It seems like this is a database with pretty much every U.S. citizen in it," Troia said. "I don't know where the data is coming from, but it's one of the most comprehensive collections I've ever seen."
Troia explained the database was unprotected by a firewall and he'd be "surprised if someone else didn't already have this." He also said Exactis has now protected the data and it is no longer accessible publicly.
New York-based law firm Morgan & Morgan filed a class-action lawsuit against Exactis on Friday in Jacksonville, Florida, Market Watch reported. The suit alleges Exactis failed to protect millions of Americans from data breaches and seeks to recover monetary damages and other relief from those affected.
While the information in the database does not include financial information, the details available could help in profiling individuals or provide fodder for identity theft.
On the company's website, Exactis.com, the firm describes itself as a "leading compiler and aggregator of premium business and computer data," storing "over 3.5 billion records (updated monthly)." The company said its data warehouse was "one of the most respected in the digital and the direct marketing industry."
The Exactis website also states its data covers 218 million individuals and 110 million U.S. households with 88 million records of email addresses that match postal addresses.
The company compiles the data through cookies collected from different websites that record a user's internet movements. Other companies that track similar information include Epsilon, Acxiom, Palantir, Google, Amazon and Facebook, according to Market Watch.
If the claims about the volume of the Exactis breach are correct, this would make it larger than the 2017 Equifax breach of data on 145.5 million people, but smaller than Yahoo's breach last year of 3 billion accounts, Wired reported, adding the difference was individuals in the Exactis breach were unaware they were even in the database.
© 2025 Newsmax. All rights reserved.