Your data, their profit: How data brokers hijack your personal information and what you can do about it

PeopleImages // Shutterstock

 

Every time you sign up for a loyalty program, download an app, browse a website, or even register to vote, you may accidentally be contributing to a largely invisible industry that trades in your personal information.

Known as data brokers, companies collect, analyze, package, and then sell your consumer data to advertisers, insurers, lenders, and more. In some cases, this information may even fall into the hands of those who intend to commit fraud or identity theft.

The scale of this issue is truly staggering. For that reason, Lifeguard analyzed data and reports from leading sources, including Javelin, Security.Org, LifeLock Norton, the Consumer Financial Protection Bureau, and more, to show how millions of Americans experience identity fraud each year. Losses also reach into the tens of billions of dollars annually. Understanding how this system works is critical. Once you know how your information is gathered, sold, and exploited, you can take practical steps to protect yourself.

This guide breaks down the data-broker ecosystem and explains how it contributes to fraud, providing actionable ways to reduce your data footprint and safeguard your identity.

What are data brokers and how do they operate?

Understanding the long-term impacts of losing your data starts with understanding what data brokers actually are. In short, these are companies that collect, aggregate, analyze, and sell personal information about individuals. Typically, this occurs without direct interaction or the person whose information is being sold’s consent. Data collected by data brokers can vary but could include:

• Full names, addresses, and phone numbers
• Email addresses and social media activity
• Purchase history and browsing behavior
• Financial data and income estimates
• Property ownership and public records
• Location data from apps and devices
• Health and lifestyle indicators

Some brokers specialize in marketing data, whereas others create detailed consumer profiles used in risk scoring, insurance pricing, or even background screenings. There is no way to know where your data may end up. Given the extent of an individual’s available personal information, the methods data brokers use to collect this data involve a complicated web of tactics.

Here are a few key ways in which your data may be exposed:

1. Public records: Anything from property filings, voter registrations, and court documents
2. Commercial transactions: Everyday retail purchases, subscriptions, and loyalty programs
3. Online tracking: Not disabling cookies, logged-on device IDs, and behavioral tracking software
4. Third-party partnerships: Buying and selling datasets among companies

Data brokers often combine hundreds of thousands of data points to create detailed profiles that predict behavior and preferences. This industry itself is worth billions of dollars annually.

While many brokers operate legally, critics argue that transparency is limited and oversight remains inconsistent, especially considering how rampant identity theft has become. In March 2025, Javelin and Strategy Research, an independent financial research firm, reported that consumers lost an estimated $27.2 billion to identity fraud in 2024 alone, which was a 19% increase from the prior year.

How data brokers fuel fraud and identity theft

The very same data that helps advertisers target consumers can also be weaponized by scammers. Stolen or purchased data often ends up on underground markets or on the dark web, where criminals can use it for nefarious purposes. This could be opening fraudulent credit accounts, filing fake tax returns, committing medical identity theft, conducting phishing and social engineering scams, taking over online accounts, and so much more.

Identity thieves rarely need complete records. Rather, they can assemble profiles from multiple sources. Even partial datasets containing birthdates, past addresses, or family relationships could be enough to bypass a security check on a site that isn’t thorough with its cybersecurity.

Once data is leaked or sold, there’s no surefire way to stop it from appearing on underground marketplaces. These sites can sell everything from email lists to full identity packages, including social security numbers, bank account credentials, credit card details, and more, all stolen from aggregated data collected via brokers.

Recent enforcement actions and major settlements

The potential ramifications of data brokers haven’t slipped by federal and state governments. In late 2024, the Consumer Financial Protection Bureau proposed rules aimed at limiting the sale of sensitive personal data by citing concerns that the availability of large-scale data increases risks for identity theft and fraud. The proposed rule was meant to address the following:

1. Treat data brokers just like credit bureaus and background check companies: Companies that sell data on income or financial tier, credit history, credit score, or debt payments are consumer reporting agencies required to comply with the Fair Credit Reporting Act, regardless of how the information is used.
2. Protect consumers’ personal identifiers from abuse and misuse: When consumer reporting agencies collect information such as names, addresses, or ages for credit reports, any subsequent sale of that information is covered by the FCRA’s protections.
3. Require clear consumer consent for data sharing: Under the proposed rule, companies relying on consumers’ consent to obtain or share a consumer’s credit report would need separate, explicit authorization, rather than burying permissions in fine print.

Ultimately, though, this measure was never passed. In mid-2025, the Bureau withdrew the proposed rule, finding it unnecessary and misaligned with the agency’s revised interpretation of the Fair Credit Reporting Act. There were also concerns about the broader enforcement and compliance expansion that would have been required, demonstrating that federal regulation is still evolving.

Despite the disappearance of this proposed rule, state governments across the country have taken steps to try and protect consumers. California, for example, has implemented the California Consumer Privacy Act and California Privacy Rights Act, both of which were intended to restrict the breadth of data that brokers could collect.

Even though all these efforts are in place, many experts still argue that enforcement gaps persist due to the complexity and global nature of data markets, as well as the industry’s relative newness.

Step-by-step guide: Reducing your data footprint

With federal and state protections still evolving, the best defense for consumers is a proactive offense. Eliminating your digital footprint is nearly impossible, but you can significantly reduce your exposure. This can be done in four steps:

1. Identify data broker listings

The best way to start is to search for your name and common identifiers, as well as to use consumer resources that list the most well-known data brokers. Make a note of any of these sites and whether you use them now or have used them in the past. If you have used them in the past, you can opt out. If you have not used them before, write them down and avoid them in the future to protect your data.

2. Submit opt-out requests

Most data brokers provide opt-out forms, although the process can be time-consuming. This results in many consumers just agreeing to allow their data to be used, since opting out typically requires verifying your identity, locating your profile, submitting the request, and confirming. However, if you have major concerns, it’s an effort well worth the time.

3. Use state-specific tools to streamline requests

Some states offer services that allow you to streamline your opt-out request. For example, California offers its Delete Request and Opt-Out Platform (DROP), which centralizes requests and reduces repetitive paperwork. It’s also free to use. Availability of such services varies by state, so start by checking your state government site.

4. Limit future data collection

Proactively reducing your data sharing is another excellent way to shrink your data footprint going forward. Simple steps like adjusting app privacy settings, limiting social media sharing, using privacy-focused browsers, avoiding unnecessary account registrations, and opting out of marketing lists wherever possible can help with this objective.

Monitoring your ongoing data exposure

Reducing future exposure is only one part of identity protection, considering much of your data is likely already on the internet. Monitoring your ongoing exposure can help you identify and address problems early. To that end, there are some quick tips that can help you stay on top of your data:

1. Check your credit report: Under federal law, consumers can obtain free credit reports through AnnualCreditReport.com and via guidance from the Federal Trade Commission’s Consumer Advice Center. Reviewing your report can help you flag unfamiliar accounts or inquiries.
2. Consider dark web monitoring platforms: Various companies continually scan underground forums for exposed credentials or personal data and can alert you if something is amiss.
3. Evaluate identity protection services: If you choose to invest, compare offers based on the breadth of services, including credit monitoring coverage, insurance reimbursement policies, dark web scanning capabilities, and fraud resolution support.

It’s nearly impossible to remove all of your data from the internet in today’s day and age, but catching a problem before it worsens can help you reduce monetary loss in the event of fraud.

Key warning signs your data has been compromised

Identity theft often begins with subtle signs, but they aren’t difficult to spot if you know what you’re looking for. Keep a close watch for any of the following:

• Unexpected credit card charges
• Bills or accounts you don’t recognize
• Credit score drops without explanation
• Debt collection calls for unfamiliar accounts
• Login alerts from unknown devices
• Missing mail or account statements
• Tax returns rejected due to duplicate filing

If you notice any of these signs, it’s not a guarantee that your data or identity has been stolen, but it should be enough to raise an eyebrow and not overlook it. Should you believe your personal information has been exposed, take immediate steps to minimize the damage. Start by filing a report through IdentityTheft.gov, which will provide customized recovery plans and documentation.

You should also place a fraud alert with all your lenders so that your identity is verified before any credit is provided. Similarly, consider a credit freeze that will block access to credit reports entirely. These may not prevent account takeovers, though, so implementing a credit freeze should be done in conjunction with other strategies.

Next, contact banks, credit card issuers, loan providers, insurance companies, and other relevant entities to stop the approval of fraudulent charges. Finally, change all your passwords and ensure multi-factor authentication is enabled on all of your accounts, but especially banking apps, email accounts, and any account connected to payment services. For businesses, the Federal Trade Commission outlines a clear guide on how to respond to a data breach.

Protecting your data in the 21st century

The modern economy runs on data, and data brokers sit at its center. While many data brokers operate legally, the massive circulation of personal information creates opportunities for scammers and identity thieves. Identity fraud is not poised to slow down, as personal data becomes more accessible and interconnected. It is important to stay vigilant. The good news is that consumers are no longer powerless and can make use of state tools to help tackle data theft.

By understanding how the data-broker industry works, monitoring your digital footprint, and acting quickly when threats appear, you can significantly reduce your risk. Protecting your identity isn’t a one-time task, though, but rather an ongoing process. With the right knowledge and tools, you can turn the tables on data brokers and keep your personal information where it belongs: under your control.

This story was produced by Lifeguard and reviewed and distributed by Stacker.