facebook-pixel

Data Brokers: Who Is Selling Your Personal Information in 2026

L
Lunyb Security Team
··10 min read

Every time you browse the web, sign up for a loyalty card, or install an app, invisible companies are watching. These companies—known as data brokers—compile detailed profiles about you and sell them to advertisers, insurers, employers, political campaigns, and sometimes even scammers. Most consumers have never heard of the firms holding their most sensitive information, yet the data broker industry generates over $250 billion in revenue every year.

This guide explains exactly who these data brokers are, what they know about you, how they make money from your personal information, and what you can do to reclaim your privacy.

What Are Data Brokers?

Data brokers are companies that collect, aggregate, and sell personal information about individuals without any direct relationship with those individuals. They operate largely in the shadows, harvesting data from public records, online behavior, purchase histories, social media, and thousands of other sources to build profiles used for marketing, risk assessment, and identity verification.

The industry is enormous. A single major data broker can hold thousands of data points on every adult in a country. These profiles are traded, licensed, and resold in ways that most people would find deeply unsettling if they understood the scale.

The Three Main Categories of Data Brokers

  1. Marketing data brokers — Sell audience segments to advertisers and brands (e.g., "new parents earning over $75k" or "cat owners with diabetes").
  2. Risk mitigation brokers — Provide fraud detection, identity verification, and background checks to banks, insurers, and employers.
  3. People search sites — Publish personal profiles (name, address, phone, relatives) directly to the public web, often for a small fee.

The Biggest Data Brokers Selling Personal Information

The data broker industry is dominated by a small number of massive corporations, plus hundreds of smaller specialized firms. Here are the key players you should know about.

Company Type What They Collect Annual Revenue (approx.)
Acxiom (LiveRamp)MarketingDemographics, purchase behavior, interests on 2.5+ billion people$650M+
ExperianCredit & MarketingCredit history, income estimates, lifestyle data$7B+
EquifaxCredit & RiskEmployment, credit, income verification$5B+
Oracle Data CloudMarketingCross-device tracking, audience segments$1B+ (segment)
CoreLogicProperty & RiskProperty records, mortgage history, tenant screening$1.9B+
LexisNexis Risk SolutionsRisk & LegalPublic records, legal history, identity verification$3B+
Spokeo, BeenVerified, WhitepagesPeople SearchNames, addresses, phone numbers, relatives$50M-$200M each

What Data Brokers Actually Know About You

The scope of information collected by data brokers is staggering. A single profile can contain thousands of individual data points spanning nearly every dimension of your life.

Categories of Personal Information Collected

  • Identity data — Full name, date of birth, Social Security number, driver's license, passport numbers.
  • Contact details — Current and past addresses, phone numbers, email addresses (including throwaways you've used only once).
  • Financial data — Estimated income, credit score ranges, debt levels, homeownership status, investment activity.
  • Health inferences — Predicted conditions based on purchases, prescription patterns, and search behavior.
  • Behavioral profiles — Websites visited, apps used, videos watched, articles read, ads clicked.
  • Location history — Where you live, work, shop, worship, and travel, sometimes down to the minute.
  • Political and ideological views — Party affiliation, donation history, cause-based interests.
  • Relationships — Family members, cohabitants, coworkers, and social connections.
  • Sensitive attributes — Sexual orientation, religion, ethnicity, and mental health inferences.

In many cases, brokers infer categories that you never disclosed. If you buy prenatal vitamins and download a period tracker, you get labeled as "likely pregnant"—and that label may be sold to hundreds of buyers.

How Data Brokers Collect Your Personal Information

Data brokers use dozens of collection methods, most of which happen without your knowledge or meaningful consent. Understanding these sources is the first step to shutting them down.

1. Public Records

Court filings, property deeds, voter registrations, marriage licenses, and business registrations are all legally public. Brokers scrape these records at scale and merge them with other datasets.

2. Commercial Transactions

Loyalty programs, warranty registrations, magazine subscriptions, and store credit card applications all funnel data to brokers. That free coupon in exchange for your email address? It's rarely free.

3. Web Tracking and Cookies

Third-party trackers embedded on millions of websites feed browsing behavior to broker databases. A single news site might load 30 or more trackers that all report back to different data-collection networks.

4. Mobile App SDKs

Free apps often integrate software development kits (SDKs) that vacuum up location data, contacts, and device identifiers. Weather apps, flashlight apps, and games have all been caught selling raw location feeds.

5. Data Partnerships and Purchases

Brokers buy from each other. If one company has your purchase history and another has your location, they merge datasets and both gain a richer profile.

6. Breaches and Leaked Datasets

Data from major breaches often ends up circulating on dark web forums, where some less scrupulous brokers acquire it and integrate it into their commercial products.

Who Buys Personal Information from Data Brokers?

The list of buyers is much broader than most people realize. It includes many legitimate businesses—but also actors whose interests may conflict with yours.

  • Advertisers and ad networks — Target audiences with precision-tailored campaigns.
  • Retailers and brands — Personalize offers, pricing, and email marketing.
  • Insurers — Assess risk and set premiums (sometimes controversially, using lifestyle inferences).
  • Employers and landlords — Screen applicants beyond standard background checks.
  • Financial institutions — Verify identity and detect fraud.
  • Political campaigns — Micro-target voters based on inferred beliefs.
  • Debt collectors and process servers — Locate individuals.
  • Government agencies — Buy data they would need warrants to collect directly.
  • Scammers and stalkers — People-search sites make it trivial to find someone's home address for a few dollars.

The Real-World Risks of Data Broker Activity

The consequences of unchecked data broker activity go far beyond annoying ads. They include measurable financial, physical, and psychological harm.

Identity Theft and Fraud

Detailed profiles make it easy for criminals to answer security questions, impersonate you on phone calls, or open accounts in your name.

Discriminatory Pricing

Retailers and travel sites use broker data to charge different prices to different users based on inferred willingness to pay.

Stalking and Harassment

People-search sites have been directly linked to stalking cases, domestic violence tragedies, and doxxing campaigns. Victims often have to spend months or years opting out of dozens of sites.

Insurance and Employment Consequences

Inferred data can influence insurance premiums, loan approvals, and hiring decisions—sometimes based on inaccurate or outdated information you can't easily correct.

Erosion of Autonomy

When companies know your emotional triggers, financial pressures, and vulnerabilities, they can shape your behavior in ways that serve their interests rather than yours.

How to Protect Yourself From Data Brokers

You cannot make yourself invisible, but you can dramatically reduce the amount of personal information that data brokers collect and sell. The following steps offer the highest return on effort.

1. Opt Out of Major Data Brokers

Most large brokers offer opt-out procedures, though they often bury them intentionally. Prioritize:

  • Acxiom / LiveRamp opt-out portal
  • Experian marketing opt-out
  • Oracle Data Cloud opt-out
  • Spokeo, BeenVerified, Whitepages, Radaris, MyLife, PeopleFinder (individually)

Paid removal services can automate this process across hundreds of sites if you prefer not to spend weekends filling out forms.

2. Exercise Your Legal Rights

If you live in the EU, UK, California, Colorado, Virginia, or a growing number of other jurisdictions, you have the legal right to request access, deletion, and opt-out of sale. Send formal requests under GDPR, CCPA/CPRA, or your local law.

3. Lock Down Your Browser

Use a privacy-respecting browser (Brave, Firefox with strict tracking protection, or Safari), block third-party cookies, and install an ad and tracker blocker such as uBlock Origin.

4. Use Encrypted DNS

Configure your device to use encrypted DNS (DNS over HTTPS or DNS over TLS) with a privacy-focused resolver. This prevents your internet provider and network observers from logging every domain you visit and selling that data.

5. Minimize Data at the Source

Use email aliases, throwaway addresses, and virtual card numbers when signing up for services. Skip loyalty programs unless you genuinely value the rewards. Refuse to give your phone number at the register.

6. Be Careful With Links You Share

Many raw URLs contain tracking parameters that leak information about you. When sharing links publicly or on social media, use a privacy-conscious link shortener like Lunyb that doesn't harvest personal data from every click. You can read our honest review of Lunyb or compare options in our 2026 URL shortener buyer's guide.

7. Freeze Your Credit

Placing a security freeze at Equifax, Experian, and TransUnion blocks most new-account fraud even if your data is exposed. Freezes are free and reversible.

8. Audit Your Mobile Apps

Review app permissions monthly. Revoke background location access, contact list access, and advertising ID access wherever possible. Delete apps you no longer use.

The Regulatory Landscape in 2026

Regulation of data brokers is finally catching up, though enforcement remains uneven. The EU's GDPR sets the strongest standard, with recent updates targeting inferred and derived data. California's Delete Act now requires data brokers to honor a single unified deletion request through a state-run mechanism. Similar laws are advancing in Texas, Oregon, and the UK.

However, enforcement is slow and penalties are often trivial compared to broker revenues. Until regulators impose fines large enough to affect business models, the burden of protecting personal information still falls heavily on individuals.

Frequently Asked Questions

Is it legal for data brokers to sell my personal information?

In most jurisdictions, yes—provided the broker complies with applicable privacy laws. In the EU, UK, and increasingly in US states like California, Colorado, and Virginia, brokers must offer opt-out mechanisms and honor deletion requests. However, in many places brokers can still collect and sell data by default until you take action.

How can I find out what data brokers know about me?

You can submit a data access request (called a Subject Access Request under GDPR or a "right to know" request under CCPA) to any broker. Start with the largest ones—Acxiom, Experian, Oracle, LexisNexis—and work down. Some people-search sites also let you search yourself directly for free.

Do paid data removal services actually work?

They work reasonably well for people-search sites, which are the most visible privacy threat. They are less effective against large marketing brokers because those companies constantly re-acquire your data from other sources. Removal should be treated as an ongoing maintenance activity, not a one-time fix.

Can I sue a data broker for selling my information?

In limited circumstances, yes. Some laws (like California's CCPA) allow private lawsuits for certain breaches. Class actions against brokers have grown in recent years, particularly after major leaks. Consult a privacy attorney if you believe your data was mishandled in a way that caused measurable harm.

Will opting out actually stop targeted ads?

It will reduce them significantly, but not eliminate them entirely. Some tracking happens through channels not covered by opt-outs (such as contextual advertising or first-party site data). Combining opt-outs with browser-level tracker blocking gives the best result.

Final Thoughts

Data brokers built a multi-billion-dollar industry by turning your daily life into inventory. The good news is that awareness is growing, laws are tightening, and practical tools for reclaiming privacy have never been more accessible. You will not opt out of the digital economy entirely—but with a weekend of focused effort and a few permanent habit changes, you can shrink your data footprint dramatically and take back meaningful control over who profits from your personal information.

Protect your links with Lunyb

Create secure, trackable short links and QR codes in seconds.

Get Started Free

Related Articles