What is a data broker? 2025 insights on how they collect, use, and sell your data

Data broker companies represent a massive, yet often unknown, industry in the underbelly of the digital ecosystem. Their data collection and selling tactics not only raise privacy concerns but can also spread erroneous information about you and even make you vulnerable to criminal activity. Here’s everything you need to know about how data brokers operate and what you can do to protect yourself.

What is a data broker?

A good data broker definition is “a company that collects personal information via various sources, then analyzes, organizes, and sells or licenses that information to anyone willing to pay for it.”

Data brokers play a significant role in the digital ecosystem, where information is the most valuable commodity. There are over 5,000 data brokers worldwide, and the global data broker industry is expected to eclipse $365 billion by 2029 (Maximize Market Research).

Data brokers collect information and sell consumer data to marketers, insurance companies, and banks. The information data brokers sell can be used to predict user behavior, serve targeted advertising, mitigate risk, and detect fraud.

Scammers and abusers can also get personal information from data brokers to commit crimes such as identity theft. Anyone can be targeted – even ordinary people with average income – but some groups are particularly vulnerable, including the senior population, minority groups, activists, and public figures.

What’s more, data brokers sell information to law enforcement and other government agencies, which can use location and other data for surveillance – effectively bypassing the need for a warrant. Per a TechCrunch article, the Supreme Court has upheld that law enforcement agencies cannot acquire your personal data or compel companies to turn it over without a warrant, but there are no laws that prevent law enforcement agencies from simply buying your information.

In addition, a Duke University study found that data brokers can even sell personal data about U.S. military members to foreign countries. In response, U.S. Senate Intelligence Committee member Senator Ron Wyden told MIT Technology Review that the data broker industry “poses a serious threat to U.S. national security.”

How do data brokers get your personal information?

Data brokers collect information by employing various strategies, including culling consumer data from public and private sources such as:

• Public records: Birth certificates, marriage licenses, employment history, divorce records, bankruptcy records, court records, census data, voter registrations, motor vehicle records, and other public records are easy sources of sensitive data
• Online activity: Browser cookies, social media accounts, online games, mobile app activity, online quizzes and forms, sweepstakes entries, smart home devices, and even web scraping tools lend insights into your interests, online behaviors, health conditions, and demographics. You might also unknowingly grant consent for online services and mobile apps to collect and sell information in the fine print of their terms and conditions
• Shopping behavior: Data brokers buy information from credit card companies, retailers, loyalty programs, and other sources to identify your purchase history, including what you buy, when you buy it, and how you pay for it. In other words, they pay private companies for your information and use it to create consumer reports
• Other data brokers: Data brokers even buy information from one another to augment their own records

What types of data do data brokers collect and what do they do with it?

Data brokers amass thousands of data points on you and everyone else, including:

Demographics

• Date of birth
• Occupation
• Ethnicity
• Gender
• Income
• Age
• Education level
• Marital status
• Net worth
• Credit score range
• Political affiliations
• Charity affiliations
• Religious affiliations

Consumer behavior

• Shopping and purchase history
• Online activity
• App activity
• Interests and hobbies
• Websites visited
• Advertisements clicked
• Location information
• Social media profiles 
• Bill payments and cards used

Personal information

• Name
• Aliases
• Address
• Previous addresses
• Email address
• Phone numbers
• Children and family relations
• Property records
• Vehicles owned
• Social Security number
• Government records
• Driver’s license number
• Assets
• Criminal records
• Sexual orientation
• Clothing size

So, what do data brokers do with all this personal information? They sell it for targeted advertising, risk mitigation, insurance decisions, fraud detection, identity verification, and other purposes. They can also employ data processing to categorize people into user segments, such as “single dads,” “young mothers,” and “fitness enthusiasts.”

Unfortunately, criminals can also use your sensitive information to:

• Steal your identity and money
• Make purchases in your name
• Access your private photos and videos
• Blackmail you
• Get medical care in your name
• Obtain health insurance benefits or other services in your name
• Hack your online and mobile accounts
• Ruin your credit score
• Wreak havoc on your finances – and your life
• Commit hate crimes

For example, a hate group could purchase data to identify and target LGBTQ+ individuals, a scammer could purchase data to target senior citizens specifically, or an abusive spouse could get data to locate, harass, and even assault or murder their ex.

What types of data brokers are there?

The world of data providers is made up of major players as well as thousands of smaller companies. Major data brokers like TransUnion, Experian, Equifax, Acxiom, LexisNexis, CoreLogic, and others collect data from various sources, including:

• Public records like census data and motor vehicle records
• Banks, credit unions, and other financial institutions
• Finance and lending companies
• Credit card issuers
• Retailers
• Course management systems
• Student loan providers and student information systems

Some, like Acxiom, function as marketing agencies. They provide databases containing purchasing behaviors and personal details of millions of consumers from all over the world to other companies for targeted advertising. Others, like Equifax and Experian, function as consumer reporting agencies that are used to determine one’s credit, employment, rental, and insurance eligibility.   

Then there is a plethora of smaller data brokers AKA people-search sites that get data from major brokers, public records, and numerous other sources. As the name suggests, these databases work as a search engine for people, providing lookups by name, address, or phone number. However, while most data brokers operate on a business-to-business model, providing information about you to organizations and platforms, people-search sites take your data beyond the B2B perimeter, making it easily available to anyone interested.

Whitepages, Spokeo, BeenVerified, and hundreds of other people-finder sites get millions of visits each month and expose such personal information as current address, location history, birthdate, employment and education background, family ties, and associates, criminal records, credit score range, bankruptcies, judgments, and numerous other sensitive details. Anyone can get hold of this data as it’s readily available in the form of personal profiles, often completely free.

In addition, this is where search engines are involved in the enormous scope of this data exposure phenomena, leading to massive privacy violations. Here’s how:

• Content quality is a major factor in search results ranking
• Search engines judge content quality based on how rich and unique this content is
• As a result, people-search sites release more and more information about people for free, in effect creating detailed and unique content, to compete and win in the search rankings

The more private information these sites make public, the more likely they are to rank high on search engines, get millions of visitors, and make millions of dollars by selling additional personal information – which can include anything from your hobbies to your credit card details.

How do data brokers make money?

Data brokerage companies make money from various revenue models, including:

• Identity verification: Data brokers are used to cross-reference information to verify identities for mortgage loan applications and other purposes
• Fraud prevention: Similarly, data collected by data brokers can be used to detect and thwart fraud attempts
• Background checks: Data brokers are used to conduct background checks for jobs, law enforcement, health insurance companies, tenant screening, and other applications
• Ad revenue: Data brokers aka people-search sites that publish people’s profiles online and get millions of visitors can earn money through display advertising, affiliate partnerships, and other pay-per-click or pay-per-action advertising
• Personal background reports: People-search sites also make money by selling in-depth background reports on any person to anyone willing to pay
• Targeted consumer lists: Some data providers sell lists of target consumer segments to advertising companies, such as “new mothers” or “people with diabetes”

Are data brokers legal?

Yes, data brokers are legal and have the right to publish public information. While data brokers in European Union countries must comply with GDPR (General Data Protection Regulation), the U.S. doesn’t have federal data privacy laws governing information brokers.

That said, the Consumer Financial Protection Bureau is proposing restrictions on what information data brokerage companies can sell, the Federal Trade Commission (FTC) has proposed regulations to limit how businesses like data vendors can collect and use information, and some U.S. states have started to regulate data brokers through data privacy legislation.

One example is the California Delete Act, which allows California residents to request deletion from all data brokers at once and prevents data brokers from selling or sharing information about those who have opted out. Other states that regulate data brokers include Vermont, Oregon, and Texas.

There are also laws that require data brokers to remove your personal information on request. People-search sites, for example, all have opt-out and Do-Not-Sell-My-Info procedures, though the process is typically tedious and time-consuming to discourage you from opting out.

Another example of federal-level regulation is the Fair Credit Reporting Act (FCRA) which regulates the way credit reporting agencies can access, use, and share the data in your consumer reports. Only consumer reporting agencies that follow FCRA guidelines can be used to conduct background checks and make decisions about credit, insurance, tenancy, or employment eligibility. People-search sites don’t fall under the category of such agencies.

However, even though most of them include disclaimers of no FCRA compliance on their websites (usually in the footer), they can’t actually check why someone is using their services. As a result, people often use these sites for the above-mentioned forbidden purposes as they can easily look anyone up without paying big money to legitimate credit reporting bureaus. And because data brokers don’t verify their data and can publish false information, this practice ultimately costs people jobs, college admissions, and other opportunities.

Examples of data broker breaches

In addition to selling your information, data brokers are susceptible to data breaches, which can expose your private information worldwide and on the dark web.

The information collected might include details you don’t want people to know, such as medical conditions, income, and court proceedings.

Notable data broker breaches include:

• Equifax, September 2017: More than 147 million people had their personal data exposed by this Equifax data breach, including names, birthdates, addresses, SSNs, and driver’s license numbers
• Experian, October 2015: Personal data of more than 15 million people was compromised when a data breach exposed names, addresses, Social Security numbers, and passport numbers of those who had applied for credit checks through T-Mobile
• People Data Labs, November 2019: An unsecured database exposed around 1.2 billion records, including 600 million email addresses collected by People Data Labs
• Exactis, June 2018: This breach exposed 340 million records, including people’s phone numbers, email addresses, interests, hobbies, and information about their children

How to protect yourself from data brokers

Even though it’s legal for data brokers to share your data, there are still ways to prevent your personal information from being sold and exposed. Follow these tips to protect yourself.

1. Remove yourself from people-search sites

As mentioned, data brokers must allow you to opt out – but they don’t make the process easy. It can take hundreds of hours to opt out of all the people-search sites that share and sell your information since you have to submit an opt-out request for each site individually. Moreover,  they will likely republish your information later.

Onerep can help you automate the opt-out process. Our service scans 214 sites for your information, and then automatically does the work of removing it for you. After the initial removal, we continually monitor each site so that if your information is republished, we begin the removal process again.

2. Use dummy data

Use dummy data and invent nonidentifying screen names when registering for online accounts or services, including social media, messaging apps, and online forums. Create a throwaway email address that doesn’t identify you and consider using a service such as TempMail for one-time emails.

3. Avoid loyalty programs

Resist the temptation to sign up for loyalty and rewards programs, which share your personal data and shopping habits with data brokers. If you can’t avoid them, at least use a fake name, dummy email, and other nonidentifying information to create your accounts.

4. Minimize your digital footprint

Your digital footprint is a record of your online activities, and data brokers can piece together various bits of information taken from different sources to create a profile of you. 

Take measures to minimize your digital footprint to restrict your information from being shared and sold. Keep yourself as anonymous as possible, limit what you share on social media sites, and avoid filling out online forms, taking surveys, or entering sweepstakes – all of which can share your information with data brokers.

5. Use a secure browser (or block cookies and ads)

Privacy-first browsers such as DuckDuckGo, Brave, and Tor-based browsers automatically disable web tracking cookies and block ads to prevent your online activities from being tracked by data collection sites.

If you don’t want to use a privacy browser, you should at minimum install an ad blocker, block (and reject) website cookies, and browse in incognito mode.

6. Limit app downloads and delete unused apps and accounts

Be careful about which apps you download, as many collect personal and behavioral information to share with data brokers. This is particularly true with free apps and games.

In addition, delete any apps and online accounts you no longer use or need. Even though they might already have your information, deleting apps and accounts prevents them from collecting and sharing more data about you.

7. Always read the fine print

Check terms of service, terms of use, terms and conditions, and privacy policies before you sign up for online accounts and apps. Though long and tedious, these documents should outline what information is collected about you and whether it is shared or sold with third parties. If you don’t check the fine print, you could unwittingly give websites and apps permission to collect, share, and sell your information.

8. Use a VPN

A virtual private network (VPN) can help keep your personal data safe by masking your IP address and location so your online activities can’t be tracked by data collection sites. VPNs also encrypt the data you send so it can’t be read by others if it’s intercepted.

9. Bolster privacy settings

Go through your online accounts, apps, mobile devices, and browsers to enhance privacy and security settings. For example, you can disable social profile search engine indexing and limit who sees your posts, disable cookies and location sharing, opt out of interest-based ads, and stop apps from accessing your mic, camera, photos, and documents.

10. Install antimalware software

Hackers can use malware to spy on your activities, steal your documents and photos, and log your keystrokes to get your login credentials. In other words, they can gain access to your personal information and post it online where data brokers can find it. Install anti-malware software to protect your devices from spyware and viruses.

Data brokers can and do expose your personal and sensitive data to other companies and individuals who are willing to pay for it. Even though they’re legal, information broker practices constitute severe privacy violations and put you at risk of becoming a victim of criminal activity. Follow the tips outlined here to protect your privacy and stop data brokers from sharing your information.