What Are Data Brokers? How They Put Your Privacy at Risk

October 10, 2025

The data broker industry runs on a grey-area business model, propped up by weak privacy laws — but there are steps you can take to protect your data.

What Do Data Brokers Do?

Data brokers are businesses that collect, package, and sell personal data to other businesses, government agencies, and even individuals.

Brokers operate in a legal grey area, collecting and repackaging publicly available information from various sources including public records, social media profiles, and government databases.

Data brokers use the information they collect for numerous purposes. But the most common types of data brokers include:

Marketing and advertising brokers. Data brokers such as Acxiom and Epsilon collect and sell demographic information, personal preferences, and consumer information histories to advertisers so that they can send you targeted ads.
People search sites. Data brokers like Spokeo and Whitepages create and sell user profiles, which could include your contact information, employment history, and family connections. These profiles can be used to perform background checks or reveal your contact details.
Financial information and risk mitigation brokers. Brokerages including Equifax and Experian compile financial information about people to develop credit and risk ratings for financial institutions, insurance companies, and other lenders.
Personal health information brokers. Brokers such as IQVIA collect patient records, track prescription sales, and monitor health-related behaviors to inform clinical research, pharmaceutical, and medical marketing initiatives.
Location brokers. Data brokers such as Cuebiq and SafeGraph track GPS and app-based location data to build traffic, travel, and demographic models for retailers and government agencies.

The Privacy Rights Clearinghouse Data Broker Database identified at least 750 unique data brokerages operating in the United States in 2025. But with no federal data privacy laws in place, the full number of data brokers, and the risk they place on your personal privacy, is nearly impossible to quantify.

In this guide, we’ll explain how data brokers get your personal information, the risks they pose, and how you can start to remove your data from their databases and protect your privacy.

Pro tip: Remove your personal data from over 30 data brokers for free. Aura’s free data broker removal tool can send automatic data removal requests on your behalf to over 30 data brokers.

How Data Brokers Get Your Personal Information

Data brokers use various sources and data collection methods to compile in-depth profiles. One of the largest data brokers in the world, Acxiom, claims to have profiles of more than 300 million Americans — with each including over 10,000 unique consumer attributes.

The most common sources that data brokers use to collect data about you include:

Public records. Data gathered from government databases and public sources, such as voter registration, court filings, and real estate records.
Online tracking. Information collected from online activities, including search engine queries, social media posts and profiles, and mobile app usage captured via cookies, trackers, and permissions.
Retailers and commercial sources. Consumer data from user accounts, subscriptions, and transaction histories that come from retailers, internet service providers, and other data brokers.
Self-reported data. Data that users give up willingly through online forms, surveys, and social media profiles.
Inferred data. Information about your preferences, interests, and affiliations generated by using patterns and predictions based on your browsing and purchase history.

While some data brokers make this information publicly available to anyone who searches your name, many others operate in the shadows, selling aggregated user data to companies and agencies.

What Information Do Data Brokers Collect?

Data brokers collect active and passive types of data. This includes information you freely provide to online services and government agencies, as well as insights that can be gleaned from your online activities.

While not an exhaustive list, data brokers may store the following information about you:

Full name and aliases
Birth certificate information (gender and date of birth)
Current and former addresses
Phone numbers and email addresses
Social Security number (SSN)
Educational background
Occupation, employer, and previous jobs
Marital status and known family members
Personal interests and hobbies
Online browsing history and trends
Buying and browsing habits
Credit card transactions
Home, mortgage, and asset information
Healthcare information and histories
Credit scores

Many data brokers combine and aggregate anonymized information into detailed consumer profiles and marketing segments, such as "millennial gamers" or "new parents." People search sites, however, deal in collecting and selling personally identifiable information (PII).

While any of this data can be used against you, the information that can be traced directly to you is the most dangerous.

⚡️Aura can remove your data from data broker lists, Google search results, and more. Sign up for Aura’s data removal service, free for 14 days, and regain control of your sensitive information. Aura is rated #1 by Security.org.

Are Data Brokers Legal?

Yes. In the United States, there is no comprehensive federal law that prevents data brokers from collecting, packaging, and selling your personal information — especially if it comes from public sources or permissions buried in terms of service agreements.

Recent Pew Research data shows that nearly all Americans want more regulations in place to protect personal information.

However, while better protections have been proposed, such as the American Privacy Rights Act of 2024, current safeguards are limited to only certain types of data and state-level regulations.

For example, the HIPAA Privacy Rule prevents data brokers from getting your protected health information from HIPAA sources.

At the state level, the California Consumer Privacy Act (CCPA) gives Californians the right to know what information is being collected, opt out of data collection, and have their information deleted. Other states have enforced data broker registries, including Vermont, Texas, and Oregon, to help get a handle on the industry.

Despite all of these efforts, the United States lags far behind other countries and continents when it comes to robust data privacy laws. For example, the European Union’s General Data Protection Regulation (GDPR) requires organizations to be open and transparent about data collection and user consent.

What Are the Biggest Risks of Data Brokers?

With little legal oversight and massive troves of personal data available to them, data brokers pose a significant risk to consumers.

Broker databases are often prime targets for hackers, as they contain sensitive information from millions of people. For example, the 2024 National Public Data (NPD) breach exposed the personal data of more than 170 million people — including SSNs and email addresses.

Here are a few examples of additional risks that come from data brokers:

Invasion of privacy

Data brokers can publish your address, phone number, and contact information for everyone to see. This could make you the victim of stalking, harassment, doxxing, unwanted advertising, and unethical employer background checks.

In 2021, U.S. senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) urged the Federal Trade Commission (FTC) to help make it easier for victims of domestic abuse to remove their information from people search sites.

Identity theft and fraud

The sensitive information stored by data brokers can be used to commit identity theft, financial fraud, and other sophisticated scams. Even worse, data broker databases become a single point of failure for massive amounts of data.

In 2025 alone, massive data breaches have occurred at data broker sites, including TransUnion (4.4 million victims) and LexisNexis (364,000 victims).

Power abuses

Financial information brokers are governed by the Fair Credit Reporting Act (FCRA), which limits what they can do with consumer data like credit reports. However, credit reporting agencies often also provide products and services that fall outside of the scope of the FCRA — such as selling consumer financial data to marketers and advertising firms.

According to Justin Sherman, a senior fellow at Duke University’s Sanford School of Public Policy, this means that your financial data, which should be protected, could be used to “help insurance companies profile and run advertisements to consumers.”

Surveillance risks

Data brokers can release people's information to governments and law enforcement agencies without their knowledge or consent, potentially sidestepping due process and the legal requirement to acquire warrants.

Most recently, an investigation from 404 Media uncovered that the U.S. Customs and Border Protection (CPB) and Immigration and Customs Enforcement (ICE) agencies were secretly purchasing flight data from the data broker Airlines Reporting Corporation (ARC).

🛡️Aura protects your privacy, identity, and devices. Aura’s all-in-one solution can remove your personal data from over 140 data brokers — and helps prevent it from being leaked in the first place. Try Aura free for 14 days.

How Do You Remove Your Personal Information From Data Broker Sites?

The good news is that you can usually remove your information from public data broker sites via manual opt-out requests.

The bad news is that this is typically a lengthy, complicated, and slow process — with no guarantee that your data will be fully removed (and won’t be re-added in the future).

Brokers often have duplicate accounts, use outdated contact information to confirm your identity, or may even ask for more personal information to remove your profiles.

Here’s how to manually remove your information from public data broker sites:

Search for known data brokers on the Privacy Rights Clearinghouse Data Broker Database
Click on the link to the data broker’s privacy page, and follow the opt-out instructions
If there is no direct link to the broker’s opt-out page, search Google for “[data broker name] opt-out”

If you don’t have the time or patience to repeat this process hundreds of times, you may want to choose an automatic data broker removal tool.

For example, Aura’s data removal tool sends opt-out requests on your behalf to over 140 data brokers and people search sites (and checks daily to see if they’ve re-added your information). Aura can also check search results for your sensitive data and send removal requests to Google. You can even try Aura free for 14 days to start protecting your privacy today.

📚 Related: The 9 Best Incogni Alternatives Right Now →

How To Protect Your Personal Data From Data Brokers

With the sheer number of data brokers operating around the world — many without even a public website — it’s nearly impossible to completely remove your personal information from the internet. Instead, you’re better off limiting the data that they can get their hands on in the first place (and let a service like Aura handle opt-out requests on your behalf).

Here’s how to proactively protect your information from being leaked online:

Share less of your information. Everything you share and do online adds to your digital footprint, which can then be used by data brokers. Try cutting back on the personal information you provide to accounts and apps, and limit what you post online.
Check for data security leaks. You can check for leaked passwords (and other personal information that could be used by bad actors) by using an online scanner, such as Aura's free data breach scanner.
Strengthen your account security. Change any compromised, reused, or weak passwords to strong and unique combinations of numbers, symbols, and uppercase and lowercase letters. Activate two-factor authentication (2FA) on sensitive accounts — such as your online banking, email, and social media accounts.
Review your privacy settings. Most online accounts offer privacy protections, such as limiting what data is saved and who can see your information. Review these settings, and tighten them to reduce your visibility and exposure.
Clean up your accounts. All the information you've provided to accounts and apps over the years is still out there — and still vulnerable. Simply deleting the app won't remove your information, but logging in and deleting the account might.
Delete your online data. When you discover sensitive information online, submit a Google removal request to prevent it from appearing in search engine results (Aura can do this automatically for you). You can also reach out to the website owners or administrators and ask them to take it down — but know that they’re under no obligation to comply.
Protect your browsing history. You can block online trackers by using ad-blockers and anti-tracking tools, blocking third-party cookies, and hiding your browsing activity with a virtual private network (VPN) or a privacy-focused browser.

The data broker industry runs on a grey-area business model propped up by weak privacy laws and consumer inaction. But the risks are real and threaten every American's privacy, security, and identity.

Aura can help you fight back — offering privacy-focused features such as automatic data broker opt-outs, Google search removals, a military-grade VPN, anti-track and ad-blocker tools, and more.

🔒Aura protects your online privacy, identity, and data — try it free for 14 days.

Try Aura’s online safety features risk-free. If you don’t feel safer after signing up for Aura, we offer a 60-day money-back guarantee on all annual plans — no questions asked. See pricing.