It turns out that 340 million records were left exposed on an unsecured server by the Exactis marketing and data firm. Just over 100 million of those records were for businesses the company dealt with. Close to 350 million belonged to consumers.  The data included home and email addresses as well as phone numbers.

Where doe Exactic get this information? Well, if you make purchases by credit card, online purchases,  use coupons or discounts, use any kind of rewards card, use a free email service like Gmail, Yahoo, Outlook, or Hotmail, use any social media, or any type of free app, they collect this type of data and sell it to firms like Exactis who use it to target advertising to you.

Also exposed was a wealth of personal data like marital status, pets, political preferences, and buying habits. Even though bank information wasn’t included, this type of data can make it easy to steal identities and target consumers for fraud. Scammers could use information like this to guess your passwords or answer security questions. I hope you’ve already enabled two-factor authentication on any account where it’s available.

So, it’s a good idea to be extra-vigilant with emails and messages, just in case there are malicious links in there. You might also want to consider setting up fraud alerts for accounts if they’re available.