in Newswire Published on June 29, 2018

Class Action Claims Massive Exactis Data Breach Caused by Failure to Employ ‘Most Basic Forms of Security’

by Corrado Rizzi

Last Updated on July 2, 2018

View Comments

Heretick v. Exactis, LLC

Filed: June 28, 2018 § 3:18cv822

Read Complaint

Consumer and business data aggregator Exactis is facing a class action over a data breach allegedly larger in scope and damage than last year's Equifax incident.

Defendant(s)

Exactis, LLC

Law(s)

State(s)

Florida

Exactis, LLC has been hit with a proposed class action lawsuit over a data breach that allegedly exceeds the Equifax fiasco in both the scale and value of consumer and business information left exposed on company servers.

Exactis is a leading compiler and aggregator of business and consumer data. The company houses more than 3.5 billion business and consumer records containing not just phone numbers, home addresses, and e-mails, according to the lawsuit, but also personal interests, ages and genders of consumers’ children, and “other extremely detailed, personal information” that in some cases exceed 400 data points per business or individual.

Despite being aware of the gravity of and hazards associated with safeguarding such an extensive trove of weaponizable data, Exactis “failed to employ even the most basic forms of security,” the lawsuit alleges. As a result, the company left on a public server the information of more than 230 million consumers and 110 million businesses “bare, unprotected, and available to anyone to download,” the lawsuit claims. The “expansive database” of consumer and business information—approximately two terabytes-worth of data—was discovered by Night Lion Security researcher Vinny Troia, who reportedly stated that the cache contained information on “pretty much every U.S. citizen,” according to the complaint.

From the lawsuit:

“Citizens from across the United States have suffered real and imminent harm as a direct consequence of [the defendant’s] conduct, which includes: (a) refusing to take adequate and reasonable measures to ensure its data systems, as well as the data stored therein, were protected; (b) refusing to take available steps to prevent the breach from happening; (c) failing to disclose to its customers the material facts that it did not have adequate computer systems and security practices to safeguard Personal Information; and (d) failing to provide timely and adequate notice of the data breach.”
Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on July 2, 2018 — 4:16 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.