facebook-pixel

Data Brokers: Who Is Selling Your Personal Information in 2026

L
Lunyb Security Team
··10 min read

Every time you sign up for a newsletter, use a loyalty card, browse a website, or install a mobile app, someone is likely taking notes. That someone is often a data broker — a company you've probably never heard of that quietly builds detailed profiles about you and sells them to marketers, insurers, employers, political campaigns, and even government agencies. The data broker industry is estimated to be worth over $250 billion globally, yet most consumers have no idea how much of their personal information is being traded behind the scenes.

This guide explains exactly who data brokers are, what information they collect, how they profit from it, and — most importantly — what you can do to take back control of your digital identity.

What Are Data Brokers?

Data brokers are companies that collect personal information about individuals from a wide variety of sources, aggregate it into detailed profiles, and then sell or license that data to third parties. Unlike social media platforms or retailers, data brokers usually have no direct relationship with the people whose data they hold.

The industry includes household names like Acxiom, Experian, Equifax, TransUnion, Oracle Data Cloud, LexisNexis, CoreLogic, and Epsilon, along with hundreds of smaller specialized brokers. Some focus on marketing data, others on financial or health-related profiles, and a growing number specialize in "people search" websites that expose personal information in publicly searchable databases.

The Three Main Categories of Data Brokers

  1. Marketing and advertising brokers — sell demographic, behavioral, and lifestyle data to advertisers who want to target specific audiences.
  2. Risk mitigation brokers — provide data to banks, insurers, and employers for fraud detection, credit decisions, and background checks.
  3. People search sites — publicly display names, addresses, phone numbers, relatives, and other personal data (often to anyone with a credit card).

What Kind of Information Do Data Brokers Collect?

Data brokers build profiles that can contain hundreds — sometimes thousands — of individual data points per person. The scope is far broader than most people realize.

Common Data Points in a Broker Profile

  • Identity data: full name, date of birth, aliases, Social Security or national ID numbers, driver's license information.
  • Contact data: home address history, phone numbers, personal and work email addresses.
  • Financial data: estimated income, credit score ranges, mortgage details, bankruptcy history, investment activity.
  • Household data: family members, marital status, number of children, pets, home value.
  • Behavioral data: shopping habits, brand preferences, magazine subscriptions, charitable donations.
  • Digital data: browsing history, app usage, device identifiers, IP addresses, precise location trails.
  • Health-adjacent data: pharmacy purchases, fitness app data, self-reported conditions from online quizzes.
  • Political and religious inferences: likely voting behavior, religious affiliation, ideological leanings.

Perhaps more unsettling than the raw data is the inference. Brokers combine data points to make educated guesses — for example, tagging you as "likely diabetic," "expectant parent," "recently divorced," or "financially stressed." These inferred labels can shape the prices you see, the ads you're shown, and even the job opportunities you're offered.

Where Do Data Brokers Get Your Information?

The supply chain is enormous, and most of it operates legally. Here are the primary sources brokers rely on.

1. Public Records

Court filings, property records, marriage and divorce records, business registrations, voter rolls, and professional licenses are all fair game. Brokers scrape and index these at massive scale.

2. Commercial Transactions

Loyalty cards, warranty registrations, and purchase histories are frequently sold or shared. That "free" grocery discount card is one of the most efficient data collection tools ever invented.

3. Online Tracking

Cookies, tracking pixels, mobile SDKs, and fingerprinting scripts embedded on websites and apps feed continuous streams of behavioral data to ad-tech platforms, which then resell it.

4. Social Media and Public Profiles

Anything you post publicly — and sometimes information you thought was private — can be scraped, enriched, and packaged for sale.

5. Surveys, Quizzes, and Free Tools

"What kind of pizza matches your personality?" quizzes and free online tools are often data-collection funnels in disguise.

6. Data Partnerships and Second-Party Sharing

Companies you do business with — telecoms, airlines, retailers, insurers — often share or sell customer data through partnerships covered by lengthy terms of service.

Who Buys This Data — and Why?

The buyers are more diverse than you might think. Data broker customers include:

Buyer Category Typical Use Case Risk to You
Advertisers & marketers Targeted campaigns, audience modeling Manipulative pricing, filter bubbles
Banks & lenders Credit scoring, fraud detection Being denied credit due to inaccurate data
Insurance companies Underwriting, premium calculation Higher premiums based on lifestyle inferences
Employers & recruiters Background checks, sourcing Discriminatory screening
Political campaigns Voter targeting, persuasion Manipulation of political views
Law enforcement & government Investigations, surveillance Warrantless surveillance bypass
Scammers & fraudsters Identity theft, phishing Financial loss, account takeover

That last row is especially concerning. Investigations have repeatedly shown that criminals purchase broker data — sometimes from legitimate resellers who fail to vet buyers — to power sophisticated scams targeting the elderly, the recently bereaved, and financially vulnerable individuals.

Why the Data Broker Industry Is a Privacy Problem

Even when data brokers operate within the law, the aggregate effect on personal privacy is enormous. Here's why the industry raises serious concerns.

Consent Is Largely Fictional

Almost no one has knowingly agreed to have their profile sold. Consent is buried in terms of service, purchased through third-party partnerships, or bypassed entirely through public records scraping.

Data Is Frequently Inaccurate

Broker files often contain errors — wrong addresses, outdated employment, mistaken identities, or bad inferences. When those errors influence credit decisions or job screenings, consumers rarely know why they were rejected.

Sensitive Categories Slip Through

Data that appears innocuous individually (a pharmacy purchase, a fitness tracker reading, a website visit) can be combined to infer highly sensitive information about health, sexuality, immigration status, or political beliefs.

Breaches Are Common

Data broker breaches have exposed hundreds of millions of records — including the massive 2024 National Public Data breach that leaked Social Security numbers and address histories for a large portion of the US population.

What Laws Actually Protect You?

Regulation varies dramatically by region, and enforcement is uneven.

European Union — GDPR

The General Data Protection Regulation gives EU residents the right to access, correct, and delete personal data held by any company, including brokers. Consent must be explicit and freely given.

United States — Patchwork

The US has no comprehensive federal privacy law. Instead, state laws like the California Consumer Privacy Act (CCPA/CPRA), Virginia's VCDPA, Colorado's CPA, and Texas's TDPSA grant partial rights. California and Vermont maintain data broker registries.

United Kingdom — UK GDPR

Similar to the EU framework, with enforcement by the Information Commissioner's Office (ICO).

Canada — PIPEDA

The Personal Information Protection and Electronic Documents Act requires meaningful consent and provides access rights, though enforcement has historically been weak.

Australia — Privacy Act

The Privacy Act 1988 is under active reform to strengthen consumer rights against data brokers and grant a statutory right to sue for privacy breaches.

How to Reduce Your Exposure to Data Brokers

You can't disappear entirely, but you can dramatically reduce the amount of personal information brokers hold on you. Here's a practical plan.

1. Opt Out of Major Brokers

The biggest brokers all have opt-out processes, though they're intentionally cumbersome. Start with these:

  • Acxiom (opt-out portal)
  • Epsilon
  • Oracle Data Cloud
  • LexisNexis
  • CoreLogic
  • People search sites: Spokeo, BeenVerified, Whitepages, MyLife, Radaris, Intelius, PeopleFinder

Expect to repeat this process every 6–12 months, since brokers routinely re-add profiles from fresh sources.

2. Use Paid Removal Services (If You Value Time)

Services like DeleteMe, Kanary, Optery, and Incogni submit removal requests on your behalf across dozens or hundreds of brokers. They typically cost $75–$200 per year.

3. Minimize Data Collection at the Source

  • Use disposable or masked email addresses for signups.
  • Avoid loyalty programs, or use a dedicated phone number and email for them.
  • Turn off ad personalization and mobile advertising IDs on iOS and Android.
  • Block third-party cookies and use tracker-blocking browser extensions.
  • Consider a privacy-focused browser like Brave, Firefox with strict tracking protection, or Safari with intelligent tracking prevention.
  • Use encrypted DNS providers (like Cloudflare 1.1.1.1 for Families or NextDNS) to reduce network-level tracking.

4. Be Careful With Links and Shorteners

Many free link-shortening services log clicker data — IP addresses, device fingerprints, geolocation — and share or sell it to advertising networks. When you share links, use a privacy-respecting shortener. Lunyb is one option built with privacy in mind: it doesn't sell click data to third-party advertisers. If you want to compare the market, our 2026 URL shortener buyer's guide breaks down which services respect user data and which don't.

5. Exercise Your Legal Rights

If you live in a jurisdiction with privacy laws, use them:

  1. Submit a Data Subject Access Request (DSAR) to see what a broker holds.
  2. File a correction request for inaccurate data.
  3. Submit a deletion request ("right to be forgotten") where available.
  4. Report non-compliant brokers to your regulator (ICO, CNIL, FTC, state attorney general, OAIC, etc.).

6. Freeze Your Credit

In the US, freezing your credit at Equifax, Experian, TransUnion, and Innovis prevents new accounts from being opened in your name — a critical defense given that credit bureaus are themselves data brokers with poor security track records.

The Bigger Picture: Choosing Privacy-Respecting Services

Individual opt-outs help, but the most effective long-term strategy is to reduce your reliance on services that monetize personal data in the first place. Every time you choose a privacy-respecting alternative — a search engine that doesn't track queries, a messaging app with end-to-end encryption, a link shortener that doesn't profile your audience — you shrink the supply of raw material feeding the broker economy.

If you're a marketer, creator, or business owner sharing links at scale, your choice of tooling matters even more, because you're making a privacy decision on behalf of everyone who clicks. For a deeper look at how link-sharing platforms handle user data, see our honest review of Lunyb and our Rebrandly review for 2026.

Frequently Asked Questions

How do I find out what data brokers have on me?

Start by submitting Data Subject Access Requests to the largest brokers (Acxiom, LexisNexis, Experian, Oracle). In the EU and UK, GDPR requires them to respond within 30 days. In the US, CCPA gives California residents similar rights, and other states are catching up. You can also search your name on people search sites like Spokeo and Whitepages to see what's publicly listed.

Is it legal for data brokers to sell my information?

In most jurisdictions, yes — provided they comply with local privacy laws. The EU and UK require a lawful basis (usually consent or legitimate interest) and give consumers strong rights. The US has a patchwork of state laws with varying requirements. Selling certain categories, like precise health data or children's data, is more restricted, but enforcement gaps mean violations happen frequently.

Will opting out of data brokers actually work?

Partially. Reputable brokers honor opt-out requests, and you'll see your profile disappear from many people search sites within 2–6 weeks. However, brokers frequently re-add profiles from new data sources, so opt-outs must be repeated. Paid removal services automate this ongoing maintenance.

Are credit bureaus considered data brokers?

Yes. Equifax, Experian, and TransUnion are among the largest and most influential data brokers in the world. Beyond credit reports, they operate marketing data divisions that sell consumer profiles for advertising and risk assessment. Freezing your credit doesn't remove your data from their marketing databases — you have to opt out of those separately.

Can data brokers cause me real harm, or is this mostly annoying ads?

Real harm is well documented. Broker data has been linked to identity theft, predatory lending targeted at vulnerable people, discriminatory hiring, insurance denials, stalking, and even physical violence in cases where addresses of vulnerable individuals were exposed. Treating the issue as "just ads" significantly understates the risk.

Final Thoughts

The data broker industry thrives on invisibility. Most people don't know these companies exist, don't know what they hold, and don't know they have any rights to push back. Simply understanding the landscape — who the brokers are, how they collect data, and who buys it — is the first meaningful step toward regaining control.

You won't eliminate your digital footprint overnight, but a consistent combination of opt-outs, minimized data sharing, privacy-respecting tools, and use of your legal rights can dramatically reduce your exposure. In an economy where personal information is the product, choosing privacy is a form of quiet resistance — and it starts with knowing that the choice exists.

Protect your links with Lunyb

Create secure, trackable short links and QR codes in seconds.

Get Started Free

Related Articles