Data Broker Breaches Cost $21B in Identity Theft
A new report reveals that data broker breaches have fueled nearly $21 billion in identity-theft losses for consumers. The findings, from a congressional probe led by Senator Maggie Hassan, highlight how hidden opt-out tools and poor data practices leave Americans vulnerable to scams.
How Data Brokers Enable Identity Theft
Data brokers collect vast amounts of personal information—including Social Security numbers, addresses, and birthdates—and often fail to secure it properly. When breaches occur, cybercriminals exploit this data to commit fraud. The report estimates that 30% of breach victims face identity theft, with median losses reaching $200 per case.
Key Breaches and Financial Impact
- Equifax (2017): 147 million records exposed; $425M settlement
- Exactis (2018): 340 million records leaked
- National Public Data (2023): 270 million records compromised
- TransUnion (2025): 4.4 million records breached
These incidents underscore the scale of the problem. The $20.9 billion loss estimate combines financial fraud costs and legal settlements, showing the true cost of lax data security.
Why Opt-Out Tools Are Hidden
Investigators found that data brokers like Findem and Telesign used “no index” codes to hide opt-out pages from search engines. This deliberate obfuscation makes it harder for consumers to remove their data from broker databases.
Company Responses
- Comscore: Removed “no index” code from its privacy page
- Telesign: Enabled search indexing but still buries opt-out links
- 6sense: Conducted third-party audits of opt-out tools
- IQVIA: Replaced old privacy pages with OneTrust-hosted tools
- Findem: Refused to respond to inquiries or remove “no index” code
While some companies improved access after pressure, the report criticizes the lack of transparency. For example, Telesign’s 9,000-word privacy policy still hides critical links.
Protecting Yourself from Data Broker Risks
Consumers can take proactive steps to reduce exposure:
- Use opt-out tools: Visit ConsumerAction.org for broker-specific guides
- Freeze credit reports: Prevent unauthorized account openings
- Monitor financial accounts: Set up alerts for suspicious activity
- Request data deletion: Use the FTC’s DoNotTrack.gov portal
What This Means for Consumers
Senator Hassan emphasizes that data brokers must prioritize consumer safety: “Criminals shouldn’t have an easier path to your data than you do.” The report shows that public pressure can force companies to improve privacy tools—but vigilance remains critical.
FAQs
- How do data broker breaches lead to identity theft?
- Exposed personal information like SSNs and addresses allows scammers to open fake accounts, file fraudulent tax returns, and commit financial fraud.
- Can I remove my data from brokers?
- Yes, but it requires finding hidden opt-out tools. Use ConsumerAction.org for step-by-step guides.
- What should I do if my data was breached?
- Freeze your credit, monitor accounts for fraud, and report incidents to the FTC at ftc.gov.
- Why do brokers hide opt-out pages?
- Some use “no index” codes to prevent search engines from listing these pages, making it harder for consumers to find them.
- Are class-action lawsuits effective?
- Yes—Equifax victims received up to $20,000 in damages. Check ClassAction.org for active cases.
Take Action Now: Visit ConsumerAction.org to start removing your data from brokers and protecting your identity.
