Exactis Data Breach
Exactis Marketing Data Broker Breach: 110M Consumer Profiles Including Income, Religion & Ethnicity
Marketing data broker (defunct)
Risk Interpretation
Extremely high risk because the dataset supports profiling at scale. Exposure enables identity theft, phishing, people-search abuse, and granular consumer targeting.
Impact & Downstream Threats
The Exactis breach was especially serious because it exposed one of the richest broker-style profiling datasets ever left open on the public internet. Public breach tracking says the leak involved 340 million records and a subset containing 131.6 million unique email addresses, with hundreds of fields spanning names, addresses, phone numbers, dates of birth, income levels, family structure, net worth, interests, religion, and other profiling data, making the corpus highly useful for phishing, fr
- Financial fraud using exposed financial profile data
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Employment-based social engineering using job and employer data
Threat Vectors
Breach Intelligence
Executive Summary
Exactis, a Florida-based marketing data broker, exposed a database of roughly 340 million consumer and business records in June 2018 after leaving it publicly accessible due to a misconfiguration. Security researcher Vinny Troia of Night Lion Security discovered the leak, which spanned multiple terabytes across hundreds of data fields. No external attacker was required. The data was simply open on the internet. Around 110 million individuals are confirmed affected, with a subset of 132 million unique email addresses later added to the public breach notification service Have I Been Pwned. The exposed records were unusually detailed for a data breach. Beyond names, email addresses, phone numbers, and physical addresses, the dataset included dates of birth, income levels, net worth, financial investments, home ownership status, family structure, marital status, religion, ethnicity, spoken languages, education levels, occupations, and personal interests. Exactis compiled and sold this kind of profiling data to businesses for marketing and targeting purposes. Its exposure creates serious risk for affected individuals, including identity theft, phishing attacks tailored with personal details, and misuse by people-search services or other data aggregators. No major regulatory action or class-action settlement has been publicly confirmed in connection with this breach. Because Exactis collected data on people who never directly interacted with the company, many affected individuals had no way of knowing their information was held there in the first place. Anyone who may be included should be alert to targeted phishing attempts and consider monitoring their credit and identity for signs of misuse.
About Exactis
Exactis was a Florida-based marketing data broker and profiling company that described itself as a compiler and aggregator of premium business and consumer data. Its business model centered on collecting, structuring, and licensing large volumes of consumer and business records for profiling, segmentation, marketing, and sales use cases.
Why They Hold Your Data
Marketing data brokers aggregate consumer and business identity, contact, demographic, behavioral, and profiling data across advertising, analytics, and enrichment workflows.
Recent Developments
Exactis’ public corporate profile appears to have largely collapsed after the 2018 exposure. Reporting in 2019 described the company as effectively finished as a business after customers and partners pulled away, and there is little visible evidence today of a meaningful operating presence beyond legacy references and dormant company information.
Data Points Exposed
Exposure Categories
Canonical Fields
credit_status, date_of_birth, education_information, email_address, ethnicity_or_race:ethnicity, family_structure, financial_profile:income, financial_profile:net_worth, full_name, gender, homeownership_status, investment_information, ip_address, job_information:occupation, personal_interests, phone_number, physical_address, physical_address:home, relationship_status:marital, religion, spoken_language
Dark Web Verification
- Dataset containing ~110.0M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: exactis.com-2018;Exactis Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Exactis
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam