At this point, it’s well-known and mostly understood that companies out there are collecting data about everyone, whether we like it or not. We browse to an online shop and that information goes to someone. It all gets collected and very likely sold to some company who wants to market products us based on our browsing activity, our purchasing history, or based on what ads we click. One of the companies that apparently collects a whole lot about a lot of us, 230 million in fact, left a database full of information on us unprotected and open to anyone who wanted to access it for a period of time.
The company, Exactis, has not confirmed this information leak. But according to Wired, a researcher found an exposed database that had about 2 terabytes of data amounting to approximately 340 million individual records left open. Most of the records were on adults. About 110 million were on businesses. The information does not seem to include social security numbers or any kind of payment card details. However, it did include home addresses, email addresses, phone numbers, and even how many children were in the home, as well as their genders and ages, if the individuals had pets, what type of pets, interest and hobbies, and other information than if put together can make a pretty accurate profile of a person.
Because of this, be on the lookout for very specific and targeted phishing email messages that try to phish. Vishing and smishing are also a risk. Vishing is phishing via a voice method and smishing is SMS or text phishing. With the amount of details (the researchers said Exactis collected about 400 data points on each records), it could be very difficult to determine if any message is phishing for additional sensitive information.
Remember that if you are not expecting a link or attachment in a message, email or otherwise, don’t click it without verifying it first. If someone calls on the phone, unsolicited, don’t give out sensitive information.
As a result of this massive leak and the Equifax breach last year, it’s possible that everyone in this country has had a lot of information accessed by people we did not authorize. Be extra diligent going forward about checking credit reports. Everyone in the United States that has credit can get a free credit report from each of the three major credit agencies every year. This can be done on the site annualcreditreport.com. If anything looks suspicious, contact the agency and get it resolved. Even if you see an unfamiliar name on the report, get it taken off. Sometimes those are mistakes, but it may mean that someone is using your identity other than you.
If you have the option of freezing your credit, do so. Starting in September the credit bureaus will no longer charge for doing this. However, since this leak and Equifax included so many people, you shouldn’t wait. If you can’t freeze it, at least have some type of credit monitoring service active. These won’t keep someone from using your credit, but they will alert you so you can take care of it sooner.