Alteryx, a cloud-based marketing and analytics firm, left a database containing the personal information of 123 million American households open and unsecured on an Amazon platform, cybersecurity company UpGuard discovered.
Alteryx apparently purchased the 36-gigabyte consumer database from Experian, which harvests consumer data and sells it under the name “ConsumerView” to essentially any company that wants to buy it.
The databases contain addresses, phone numbers, the number of children living in your household and their age ranges and gender; your age, occupational, marital, and educational status; the magazines you subscribe to; your mortgage amount; how old your car is; which charities or causes you donate to; your ethnicity; even whether you’re a dog or cat person – to name just a very few of the specific types of information the exposed Alteryx data contains, according to Huffington Post and CNET.
According to various sources, 123 million households is roughly the number of households in the country, meaning virtually every U.S. consumer may be affected by this data breach.
Chris Vickery, UpGuard’s cyber risk research director, told Huffington Post that he stumbled across the Alteryx database while conducting a routine search of data stored on Amazon Web Services, which houses data for companies of all types and sizes. Alteryx put the ConsumerView data there but left it open for anyone to access and view.
Mr. Vickery says he discovered the Alteryx data in October. The company was notified and has since corrected the problem. However, neither Alteryx nor Experian acknowledge the potential harm the exposed data may have caused to millions of Americans, including identity theft, spamming, and use of the information to access websites protected by knowledge-based authentication – portals that ask questions such as “what was your address five years ago” and other information only you are supposed to know.
“I’m a little disappointed that [Alteryx] would just leave it unencrypted out there for anybody, and that Experian would just give them a copy like that,” Mr. Vickery told Huffington Post. “Keeping it open and in the clear is just asking for trouble.”
Unfortunately, nearly every U.S. consumer’s personal information is at risk because of the substandard and often sloppy ways that many companies that own the data handle it. And there is little any U.S. consumer can do except call for better consumer protections and regulations governing the collection, storage, and use of highly sensitive data.
Until U.S. lawmakers get serious about improved laws protecting consumers, anyone adversely affected by the Alteryx data breach or any other the other major data hacks that have occurred recently should consider filing or joining a lawsuit. Perhaps when companies are held responsible by those harmed and threatened with potentially millions of costly lawsuits will they finally take their responsibility protecting consumer information more seriously.
“Big Data continues to demonstrate its disregard for consumer data and privacy rights through their failure to take measures ensuring data security,” said Andrew Brashier, a lawyer in Beasley Allen’s Consumer Fraud Section. “This past year we have seen nearly all Americans impacted by the Experian data breach and once again we see the same with Alteryx’s exposure of data.”
Beasley Allen attorneys are investigating reports of consumers affected by Alteryx’s exposure of consumer data. Presently, it is unclear whether Alteryx will be contacting individuals affected by the data breach. Consumers might want to contact Alteryx to determine if their information is included.
If you find that you have been affected and are interested in joining a class action lawsuit, contact Andrew Brashier or Leslie Pescia, lawyers in the firm’s Consumer Fraud Section, or Dee Miles, the Section Head, or call the firm at 800-898-2034.