The 2019 Acuity Data Breach: What Happened and What Was Exposed?

In early 2019, Acuity, a well-known insurance company based in the United States, experienced a data breach of staggering scale. The breach led to the exposure of a massive dataset containing the detailed personal and household information of more than 241 million individuals. This dataset, which was later published on a public forum in 2021, included names, addresses, phone numbers, demographic data, and other sensitive information, making it one of the most significant privacy incidents in recent years. The sheer scope of the exposure—and the nature of the information involved—highlighted just how much detailed consumer data can be compromised in a single breach, impacting the privacy of millions across the U.S.

Timeline of the Acuity Breach

The Acuity data breach reportedly took place at the start of 2019, although public awareness of the incident heightened in mid-2021 when the compromised dataset was published online. This gap between the breach and the leak allowed the data to remain undetected in public spaces for some time. The sequence underscores how breaches can sometimes go unnoticed until data surfaces elsewhere, later drawing attention to the scale and severity of the original compromise.

What Information Was Exposed?

The breach exposed an array of personally identifiable information (PII), including:

• Full names (first, middle, last, suffix, and title)
• Full address details (street number, direction, street, suffix, apartment or unit, city, state, and ZIP code)
• Phone numbers (including area code and primary number)
• Date of birth (year, month, and day)
• Other demographic information such as occupation and ethnicity

This level of detail represented a major risk to affected individuals, given the breadth of information tied to each person in the dataset.

How Many People Were Affected?

The Acuity data leak impacted 241,767,916 records. Given the U.S. population and the depth of household details, it's likely that nearly every adult American had at least some portion of their information exposed through this breach. The impact extended broadly, covering households and individuals grouped by a variety of demographic factors.

How Did the Data Become Public?

Although the theft or exfiltration of data reportedly occurred in 2019, the full breach only gained public notice two years later, when it was published on a public forum in 2021. The time delay between breach and publication allowed the data to circulate quietly before broad attention was drawn to the exposure.

Frequently Asked Questions

What happened in the Acuity data breach?

The Acuity data breach began in early 2019 when a large dataset containing personal information from an insurance company was compromised. The information was later published online in 2021, leading to broad public awareness and concern over the privacy of millions of Americans.

How many records or users were exposed in the Acuity breach?

The Acuity breach exposed 241,767,916 records, affecting a large portion of households and individuals across the United States.

What kind of data was leaked in the Acuity incident?

The leaked data included full names, addresses, phone numbers, dates of birth, occupation details, and demographic information such as ethnicity. This made the dataset particularly sensitive and valuable for misuse.

Who was responsible for the Acuity data breach?

The specific perpetrators behind the Acuity breach have not been publicly identified, and there is limited information about who was directly responsible for compromising and leaking the dataset.

How can I check if I’m in the Acuity breach?

You can check if your information was part of the Acuity breach by utilizing the DeHashed search engine.