Exactis Data Breach Sparks Class Action Lawsuit

The first class action lawsuit against Exactis has been filed in response to the company’s massive data breach that exposed the private information of more than 200 million U.S. consumers and 110 million business contacts. The marketing and data aggregation firm was the subject of a data breach in which customer information ended up on the internet for hackers or anyone else to view.

Security researcher Vinny Troia discovered the breach earlier this month. While it doesn’t appear to include sensitive information, such as a credit card account numbers or social security numbers, it was close to two terabytes of data, including phone numbers, addresses, emails and other information like interests, habits and the number of one’s children.

“It seems like this is a database with pretty much every U.S. citizen in it,” said Troia, founder of Night Lion Security, in the report.

The civil case was filed in U.S. District Court in Florida by attorneys Adam Levitt and Amy Keller of law firm DiCello Levitt & Casey, along with their co-counsel. Keller is also co-lead counsel in the recent Equifax data breach class action.

“The data compromised by Exactis’ breach is even more severe than financial information, such as credit card or bank account numbers. Exactis’ database included email and postal addresses, whether a person had a pet, whether the person is a smoker and a number of other personal interests. This type of information is frequently used by hackers to steal identities and break into your accounts,” said DiCello Levitt & Casey Co-founder Levitt, recognized as a pioneer in privacy cases.

Keller stressed that the recent rise in data breaches makes attorneys’ work all the more important: “Time and time again in massive data breaches such as this, plaintiffs’ lawyers supplement the important work of government-led investigations to secure meaningful relief for consumers. More and more companies are monetizing our personal information without our consent. It’s important that these companies know that they will be held accountable for their carelessness through lawsuits like ours.”



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.