Factual

In March 2017, a database belonging to Factual, a location data and business information aggregator, was published online. The exposed dataset contained approximately 8 million records, including 2.5 million unique email addresses, along with company names, physical addresses, and phone numbers. Factual, which specializes in aggregating publicly available business and location data, stated that the information included in the leak was already publicly accessible via their website and APIs. Despite this claim, the publication of the aggregated dataset in a single downloadable format raised significant concerns about data aggregation risks and the potential for misuse of compiled public records. The incident highlighted how aggregated public data, even when individually non-sensitive, can pose privacy and security risks when compiled at scale and distributed through unauthorized channels. No passwords or financial data were reported as part of this exposure. The leak is classified as an open data or parsing-type incident rather than a traditional intrusion, as the data was sourced from publicly available Factual services.