• by Ray Schultz , June 28, 2018

Data on almost every American, including their email addresses and phone numbers, may have been revealed in a breach of a public server at Exactis, a Florida-based data company, Wired reported on Wednesday.

The exposure, which affected a database with almost 2 terabytes of data, includes 340 million records on 230 million consumers and 110 million businesses. The data reportedly is no longer available, and there is no evidence that it has been used or accessed by bad actors, Wired reports.  

The episode occurs just as Europe’s General Data Protection Regulation takes effect.

The breach was discovered by security researcher Vinny Troia. According to Wired, Troia accessed the database on the Internet, and found that it was unprotected by a firewall. He has warned the company and the FBI.

Troia says that the database covers “pretty much every U.S. citizen,” Wired continues.

The data includes 400 personal attributes, including religion, pet ownership, smoking status, lifestyle interests and plus size, Wired reports. In addition, the exposed records contain phone numbers and postal addresses. 

The exposed data does not include Social Security numbers.

Troia was able to produce records requested by Wired on individuals to verify the claim.

On its website, Exactis “boasts” that it has data on 218 million individuals, including 110 million US households, Wired continues. It has 3.5 billion "consumer, business, and digital records," it adds.