What Are Data Brokers? Complete Guide to Who Sells Your Data

Right now, while you're reading this, companies you've never heard of are buying and selling detailed profiles of your life. Your name, address, and phone number are obvious — but that's just the beginning. Some data brokers maintain records of your estimated income, your likely health conditions, whether you're going through a divorce, which political causes you support, and what products you bought six years ago.

The data broker industry is not a niche corner of the tech world. With an estimated $250+ billion in annual revenue and over 4,000 companies operating in the United States alone, it is one of the largest industries you've never directly interacted with. Understanding what it is, how it works, and what you can do about it is the first step toward reclaiming some control over your own information.

What Are Data Brokers?

A data broker (also called an information broker or data reseller) is a company whose primary business is collecting personal information about individuals — without their direct relationship — and selling that information to third parties.

Unlike companies you directly interact with (your bank, your grocery loyalty card program, your social media accounts), data brokers operate entirely in the background. You never signed up with Acxiom. You never agreed to Spokeo's terms. But both of them likely have a profile on you.

Data brokers fall into several broad categories:

• People search sites: Public-facing sites like Spokeo, BeenVerified, and Whitepages that let anyone look up individuals by name, phone, or address
• Marketing data brokers: Backend companies like Acxiom and Experian Marketing Services that sell audience segments to advertisers
• Risk assessment brokers: LexisNexis, Verisk, and others that provide data to insurers, employers, and financial institutions
• Financial data brokers: The "big three" credit bureaus (Equifax, Experian, TransUnion) that maintain credit histories and sell credit scores

The FTC has documented the data broker industry's scope in multiple reports and has consistently called for greater transparency and consumer control — but comprehensive federal regulation has not yet materialized.

The Major Data Brokers

How Data Brokers Get Your Data

The sourcing question is crucial: how do these companies collect information about people who never gave them permission? The answer is a combination of legal data harvesting and the exploitation of gaps in privacy protection:

Public Records

A massive amount of personal information is technically public under US law: property records (who owns what, purchase prices), voter registration (name, address, sometimes party affiliation), court records (civil and criminal proceedings), marriage and divorce records, birth and death records, business licenses, and professional licenses. Data brokers scrape and compile these records at industrial scale.

Loyalty Programs and Retail Data

Every loyalty card you've ever signed up for has shared your purchase history with data brokers. Your grocery store knows what food you buy; your pharmacy knows what prescriptions you fill; your hardware store knows what home projects you undertake. This purchase data is sold to data brokers under terms buried in loyalty program agreements.

Social Media and Web Tracking

Publicly visible social media information — your name, workplace, school, location, interests, life events — is harvested by data brokers. Third-party tracking pixels and cookies across the web also collect behavioral data that's aggregated into profiles.

Mobile App Data

Many apps request location permissions, then share continuous location data with data brokers. Your device's location history can reveal where you live, where you work, where you worship, what medical facilities you visit, and who you spend time with. This data is bought and sold through an opaque ecosystem of data management platforms.

Financial Data Partners

Banks, credit card companies, and fintech apps often share transaction data (in aggregate or individually) with marketing partners and data brokers. This provides income estimates, spending category breakdowns, and financial behavior profiles.

What Data Brokers Know About You

The breadth of what data broker profiles contain is genuinely shocking to most people. Based on EPIC research and documented data broker data dictionaries, a comprehensive profile may include:

Acxiom's consumer portal (aboutthedata.com) allows US residents to view part of what Acxiom holds — checking your profile there is a sobering illustration of how detailed these records actually are.

Who Buys Your Data — And Why It Matters

Data broker information is purchased by a wide range of industries, not all of them obviously benign:

• Advertisers and marketers: The primary buyers — using demographic and behavioral data to target ads and direct mail
• Insurance companies: Using data to price policies and assess risk — sometimes in ways that raise fairness concerns
• Employers and background check services: Screening job candidates with compiled records
• Landlords: Tenant screening, credit checks, and background research
• Law enforcement and government agencies: Some agencies purchase data broker access to avoid obtaining warrants for information that's technically "publicly available"
• Private investigators: For location and relationship research
• Scammers: Criminal actors purchase data broker access to build detailed profiles of targets for personalized fraud attacks

How to Find Out What They Have on You

You can request to see data that brokers hold about you. This process varies by broker:

• Acxiom: Visit aboutthedata.com to view and edit your profile
• Spokeo: Search yourself at spokeo.com — what you see is roughly what others see
• BeenVerified: Search your own name — the free preview shows what's collected
• LexisNexis: Submit a data request under the opt-out/consumer rights section
• Experian: Consumer credit file is viewable at experian.com; marketing data requires a separate request

The experience is often alarming — the depth of information compiled about ordinary people without their knowledge or consent is far beyond what most people expect.

Your Opt-Out Rights: CCPA and GDPR

California (CCPA / CPRA)

The California Consumer Privacy Act gives California residents the strongest data broker rights in the US. Under CCPA/CPRA, California residents can:

• Request to know what personal information a business has collected about them
• Request deletion of their personal information
• Opt out of the sale of their personal information
• Non-discrimination protection (cannot be penalized for exercising rights)

California also passed the Data Broker Registration Law requiring brokers to register with the state and provide opt-out mechanisms. This creates an enforceable accountability layer.

European Union (GDPR)

The EU's General Data Protection Regulation provides strong rights for EU residents, including the "right to erasure" (also called the right to be forgotten). EU residents can request that data brokers delete their personal information, and controllers must comply within 30 days unless they have legitimate overriding grounds. GDPR enforcement includes substantial fines (up to 4% of global annual revenue) for non-compliance.

Other US States

Virginia (CDPA), Colorado (CPA), Connecticut, Texas, and several other states have passed their own consumer privacy laws with varying degrees of data broker coverage. The landscape is evolving rapidly. Check your state attorney general's website for current rights in your state.

Voluntary Opt-Outs

Even without legal backing in your location, most major data brokers provide voluntary opt-out processes. They may re-add data over time, requiring periodic re-submission. See our complete step-by-step guide: How to Opt Out of Data Brokers (2026).

The AI Scam Connection — Why This Matters for Personal Safety

Data broker information isn't just sold to marketers. It's also purchased or scraped by criminal operations to power increasingly sophisticated social engineering attacks.

A pig butchering romance scammer who knows your job title, income range, and that you're recently single can build a far more convincing approach than one guessing blindly. A grandparent scammer who knows your grandchild's name, that they're in college, and that they drove a specific car, can craft a fake emergency that's terrifyingly specific. AI voice cloning scammers use data broker records to identify which family members to impersonate and how to make the call personal.

Removing yourself from data broker databases is one of the most meaningful steps you can take for your personal safety — not just your privacy. See our guides:

• How to Opt Out of Data Brokers: Step-by-Step Guide (2026)
• Why You Should Remove Yourself From the Internet
• And for scam victims: AIScamRecovery.com — Recovery guides for AI fraud victims