Data brokers are legal businesses. They operate in the open, maintain websites, and in many cases comply with removal requests when asked. But the data they collect and sell enables serious, documented harm. The question is not whether your personal information is available online -- it almost certainly is. The question is who is accessing it and what they are doing with it.

There are roughly 4,000 data broker companies operating in the United States. The largest people-search sites receive tens of millions of visitors per month, and their business model is straightforward: aggregate public records, voter registrations, property filings, court records, and commercial data, then sell access to anyone who wants it. No background check on the buyer. No notification to the subject. Here are seven documented ways that model causes real harm.

1. Stalking and Physical Safety

People-search sites publish current and historical addresses, phone numbers, and the names of known associates. For anyone fleeing domestic violence, dealing with a stalker, or living under a restraining order, this is a direct threat to physical safety. A determined person can find someone's current address in minutes for under ten dollars.

The FTC has documented cases where data broker information was used to locate and harm domestic violence survivors. Address Confidentiality Programs exist in every US state, but most people who need them do not know they exist, and the programs do not cover the dozens of data brokers that independently publish residential addresses.

Public figures, healthcare workers, judges, law enforcement officers, and social workers all face elevated risk. Several states have passed laws allowing certain professions to request removal, but these laws cover a fraction of the population and a fraction of the brokers. The fundamental problem remains: your physical location is treated as a commodity, sold without your knowledge or consent.

2. Spam Calls and Robocalls

Americans received an estimated 50 billion robocalls in 2024. The Do Not Call Registry, maintained by the FTC since 2003, has proven largely ineffective. Scammers ignore it entirely, and political campaigns, charities, and survey firms are exempt. The supply chain behind phone spam runs directly through data brokers.

50+ billion robocalls per year in the US. Data brokers are the primary supply chain. Your phone number is sold, resold, and aggregated across dozens of databases. Removing it from one broker does not stop the others.

When you list a phone number on a data broker site, it becomes available to telemarketers, lead generators, and anyone willing to pay for a list. Even if you have never given your number to a broker directly, it can be harvested from public records, warranty registrations, loyalty programs, and the data-sharing agreements buried in terms of service you agreed to without reading. The only reliable way to reduce phone spam is to remove your number from the brokers that sell it.

3. Targeted Phishing and Social Engineering

Generic phishing emails are easy to spot. But when an attacker knows your full name, home address, employer, and the names of your family members, the message gets much more convincing. "Hi Robert, this is Chase Fraud Prevention calling about unusual activity on your account ending in 4821. We show your address as 142 Maple Street -- can you confirm?" That level of detail comes from data broker profiles.

The FBI's Internet Crime Complaint Center (IC3) ranks phishing as the #1 cybercrime by victim count, with over 300,000 complaints filed annually. Spear phishing -- targeted attacks using the victim's real personal information -- has a significantly higher success rate than generic phishing.

Business email compromise (BEC), a form of social engineering, cost organizations over $2.9 billion in reported losses in 2023 alone. These attacks typically begin with reconnaissance, and data brokers provide the raw material. An attacker can look up a company executive's home address, phone number, and family members, then use that information to impersonate them or to craft a pretext that bypasses security training.

4. Price Discrimination

Insurance companies, online retailers, and financial services firms use data broker profiles to segment customers and adjust pricing. If a broker's data suggests you live in a high-income zip code, you may see higher prices. If your profile indicates health conditions or risky behaviors, your insurance premiums may be adjusted accordingly. This happens without your knowledge and, in most cases, without violating any law.

A 2023 FTC report found that major data brokers sell consumer data categorized by inferred income, health conditions, and financial vulnerability. These segments are used for pricing decisions that consumers cannot see, challenge, or opt out of.

Unlike credit reports, which are regulated under the Fair Credit Reporting Act (FCRA), data broker profiles used for marketing and pricing purposes often fall outside FCRA protections. There is no requirement to disclose that your price was influenced by broker data, no dispute process, and no right to see what profile was used. The result is a pricing system where different customers pay different amounts based on information they never consented to share.

Wondering how exposed you are? Delist.ai scans 1,000+ data broker sites and shows exactly where your personal information appears.

Check your exposure free →

5. Employment and Housing Discrimination

Landlords and employers increasingly turn to people-search sites for informal background screening. A quick search reveals arrest records, past addresses, known associates, and estimated income. Unlike formal background check services, which are regulated under the FCRA and require disclosure and consent, people-search sites operate without those protections.

When a landlord uses a people-search site to screen tenants, the applicant has no right to know the search occurred, no right to see the results, and no process to dispute inaccurate information. Using broker data this way likely violates the FCRA, but enforcement is rare.

The impact falls disproportionately on people with common names (who get confused with others who share their name), people with old arrest records that never led to convictions, and people whose broker profiles contain outright errors. A 2021 Consumer Reports study found that a significant percentage of people-search profiles contain inaccuracies that could affect employment or housing decisions. Because these searches happen informally, the subject never learns why they were passed over.

6. Identity Theft Facilitation

Identity theft requires a surprisingly small set of personal details. A full name, date of birth, and current address are often enough to open a credit card, file a fraudulent tax return, or take over an existing account. Data broker profiles routinely expose all three, and frequently include partial Social Security numbers, known relatives, and previous addresses -- exactly the information used to answer security verification questions.

The FTC received 1.4 million identity theft reports in 2023. "Fullz" packages -- complete identity profiles sold on dark web markets -- are assembled partly from data broker sites that anyone can access.

The connection between broker data and identity theft is well-documented. Security researchers have demonstrated that data broker profiles provide enough information to pass "knowledge-based authentication" -- the security questions your bank asks when you call in. "What street did you live on in 2015?" is not a security question when the answer is published on a dozen people-search sites. Every piece of personal information a broker exposes is one more tool for an identity thief.

7. Reputation Harm from Inaccurate Records

Data brokers do not verify the information they publish. They aggregate it from public records, commercial databases, and other brokers, then publish it under your name. When the data is wrong -- and it frequently is -- you bear the consequences.

Independent analyses estimate that 20-30% of data broker profiles contain meaningful errors -- wrong addresses, incorrect ages, criminal records belonging to a different person with the same name, or merged profiles that combine two people into one.

Name collisions are particularly damaging. If someone with your name has an arrest record, that record may appear on your broker profile. Old information persists indefinitely: addresses you left a decade ago, employers you have not worked for in years, phone numbers you no longer own. These errors get sold and resold across the broker ecosystem, propagating from one site to dozens. Correcting inaccurate records is difficult because there is no single point of contact -- you must dispute the data separately with each broker that publishes it, and even then, the corrected data may be overwritten the next time the broker refreshes its database.

What You Can Do

The data broker industry is not going away, and waiting for legislation to solve the problem means waiting years while your information remains exposed. There are concrete steps you can take now to reduce your risk.

1. Opt out of the major brokers

The top 40-50 people-search sites account for the vast majority of consumer lookups. Each one offers an opt-out process, though the difficulty varies from a simple email to a multi-step verification that takes weeks. Start with the sites that rank highest in search results for your name. Our guide on how to remove yourself from data brokers walks through the process for the most common sites.

2. Use a removal service for ongoing coverage

Opting out is not permanent. Brokers re-list profiles within 3-6 months as they ingest new data. A removal service monitors your presence across broker sites and submits removal requests on an ongoing basis. This is the only practical way to stay removed from dozens of sites simultaneously without dedicating hours every month to the process.

3. Minimize new data exposure going forward

Every form you fill out, loyalty program you join, and app you install is a potential data source for brokers. Reducing new data exposure limits what brokers can collect about you in the future. Read our data minimization guide for practical steps you can take without becoming a hermit.

Frequently Asked Questions

Can data brokers be held liable for harm caused by their data?

In most cases, no. Data brokers generally enjoy legal protection because they aggregate publicly available information. The Fair Credit Reporting Act (FCRA) imposes liability on companies that sell data for credit, employment, or housing decisions, but most people-search sites include disclaimers stating their data should not be used for those purposes -- even though they know it is. Some state laws, particularly California's Delete Act (SB 362), are beginning to create enforcement mechanisms, but federal regulation remains minimal. A few lawsuits have succeeded when brokers were shown to have directly facilitated stalking or harassment, but these cases are rare and expensive to pursue.

Are data brokers responsible for stalking?

Data brokers are not legally classified as responsible parties in stalking cases, but they provide the tools. When someone uses a people-search site to locate a victim's current address, the broker facilitated the harm even if they did not intend it. Some brokers offer expedited removal for victims of domestic violence or stalking, but this requires the victim to proactively find and contact each broker individually -- often dozens of sites. Several advocacy organizations have called for mandatory expedited removal processes, but no federal law currently requires it.

How do I protect myself from phishing that uses my broker data?

The most effective defense is reducing the amount of personal data available to attackers. Remove your profiles from major data broker sites to eliminate the most accessible source. Beyond removal, treat any unsolicited contact that references your personal details with suspicion, even if the details are accurate. Banks and government agencies will never ask you to verify sensitive information over an inbound call. If in doubt, hang up and call the organization directly using the number on their official website or your card.

Can I remove criminal records from data broker sites?

If the records are accurate and sourced from public court records, brokers are generally not required to remove them (and most will not). However, if the records are inaccurate -- for example, they belong to a different person with your name, or they reflect a charge that was dismissed or expunged -- you can request removal and cite the inaccuracy. The process is often slow and frustrating. If you have had a record expunged by a court, you may have legal grounds to compel removal, but enforcement varies by state. For records that are accurate but old, some brokers will remove them voluntarily if you can show the record has been sealed or enough time has passed.

Do data brokers sell information about children?

Most major people-search sites do not intentionally publish profiles for minors, but children's information can appear in other ways. They may be listed as "known associates" or "possible relatives" on a parent's profile, or their data may be collected through apps, games, and online services that share information with data brokers. The Children's Online Privacy Protection Act (COPPA) restricts data collection from children under 13, but enforcement is inconsistent, and brokers that aggregate public records rather than collecting data directly from children may not fall under COPPA. Several state laws are expanding protections for minors' data, but gaps remain.

What is the FTC doing about data brokers?

The FTC has taken several enforcement actions against data brokers, including cases against companies that sold data to stalkers, failed to protect sensitive information, or misrepresented their data practices. In 2024, the FTC took action against multiple brokers for selling geolocation data that could be used to track visits to sensitive locations. The agency has also published reports calling for stronger regulation of the industry. However, the FTC's enforcement authority is limited without new legislation. The American Data Privacy and Protection Act (ADPPA) and similar proposals have been introduced in Congress but have not passed. For now, the FTC acts on a case-by-case basis rather than through comprehensive industry regulation.

Find out what data brokers know about you

Run a free scan to see which brokers are exposing your personal information -- name, phone, address, email, and more.

Scan Now -- It's Free

Related Pages