AKRON, OH — Troy Haskins, 41, of Akron received a formal data breach notification Tuesday from a company called NestfulRewards informing him that his personal information had been exposed, despite having no recollection of NestfulRewards, what it does, or any chapter of his life during which he might have wanted whatever it was offering.

The breach, which affected 4.2 million users, exposed names, email addresses, zip codes, and in some cases “answers to security questions,” meaning that somewhere in a database, Haskins had once typed the name of his childhood dog in exchange for something he no longer remembers receiving.

“I’ve been trying to piece together when this happened,” said Haskins, scrolling through a decade of promotional emails from companies he also doesn’t remember. “The best I can figure is I needed 10% off something in 2017 and this is the consequence I’m living with now.”

“He gave away his digital identity for a coupon he probably didn’t use. We can restore the account. We cannot restore the choices that led here.”

Cybersecurity consultant Dana Okafor, 38, reviewed Haskins’ HaveIBeenPwned profile and found his email address has appeared in eleven separate breaches, four of which correspond to websites that no longer exist.

“He gave away his digital identity for a coupon he probably didn’t use,” Okafor said. “We can restore the account. We cannot restore the choices that led here.”

Haskins was advised to change his passwords, enable two-factor authentication, and reflect on what he was looking for in 2017 that NestfulRewards seemed to offer.

At press time, Haskins had clicked “unsubscribe” from the breach notification email and been automatically re-subscribed to NestfulRewards’ weekly newsletter.