Threat Glossary

What are data brokers?

Data brokers are companies that collect, aggregate, and sell information about people — names, home and past addresses, phone numbers, relatives, age, income, and more — usually without the person’s direct knowledge or consent. Consumer-facing brokers are often called “people-search sites.”

Most people have never signed up with a data broker, yet hundreds of them hold detailed profiles about you right now. They are the quiet infrastructure behind doxxing, stalking, SIM-swap reconnaissance, and targeted scams — because they turn scattered public records into a single, searchable dossier that anyone can buy. Here is how the industry works and how to claw your data back.

How data brokers collect your information

Data brokers rarely get information from you directly. Instead they harvest and combine it from many sources:

  • Public records. Voter rolls, property and deed records, court filings, marriage and business registrations.
  • Commercial data. Loyalty programs, warranty cards, magazine subscriptions, and purchase histories sold or shared by retailers.
  • Online activity. Cookies, ad-tracking, app permissions, and self-reported profile fields from websites and apps.
  • Other brokers. Brokers buy and resell each other’s data, which is why the same wrong middle initial or old address can appear on dozens of sites.

They then use matching algorithms to link these fragments into a profile keyed to your name and address — complete with relatives, past addresses, and estimated income.

The two kinds of brokers

Broadly, there are two categories. Marketing and risk brokers sell data to businesses for advertising, identity verification, and background screening — you rarely see them. People-search sites are the consumer-facing kind: type in a name and they display a home address, phone number, age, and relatives, often behind a small paywall. People-search sites are the ones that most directly enable doxxing and stalking, because they expose your location to anyone for a few dollars.

Why data brokers are a security risk

A broker profile is a ready-made attack kit. It gives a harasser your home address, gives a SIM-swapper the personal details to impersonate you to your carrier, gives a scammer the context to craft a convincing phishing message, and gives a fraudster the answers to your “security questions.” None of it requires a hack — it is simply for sale. That is why removing yourself from data brokers is one of the highest-leverage privacy steps you can take.

How to protect yourself

Concrete steps you can take today to reduce your exposure.

Find where you’re listed

Search your name plus your city on the major people-search sites to see which brokers are publishing your address and phone.

File opt-out requests

Most brokers have an opt-out or “suppress my record” process. It is tedious but effective — each removal takes a listing offline.

Use your privacy rights

Laws like California’s CCPA/CPRA and similar state statutes give you the right to request deletion. You can file these yourself or authorize an agent to file on your behalf.

Re-check regularly

Brokers frequently relist people weeks or months after removal, and new brokers appear. Removal is not one-and-done — it needs re-striking.

Reduce the source data

Limit loyalty-program sign-ups, decline unnecessary data sharing, and tighten app permissions so brokers have less to harvest going forward.

Automate at scale

Because there are hundreds of brokers, an authorized-agent service can file and re-file removals across all of them continuously so you don’t have to chase each one.

Frequently asked questions

Is it legal for data brokers to sell my information?

In much of the world, yes — selling data compiled from public records and commercial sources is largely legal, though regulated. Privacy laws such as California’s CCPA/CPRA and the EU’s GDPR give you rights to access and delete your data, and some U.S. states now require broker registration and honor deletion requests.

How do I remove myself from data brokers?

You submit an opt-out request to each broker — usually by finding your listing, confirming it is you, and following their removal process. Because there are hundreds of brokers and they relist you over time, many people use an authorized-agent service to file and maintain removals continuously.

How do data brokers get my information if I never gave it to them?

They aggregate it from public records (voter, property, and court data), commercial sources (loyalty programs, purchases, warranty cards), online tracking, and each other. You never signed up, but your data is compiled from dozens of places you did interact with.

See what’s exposed about you — free

Attackers start with the data that’s already public: your leaked passwords, your breached accounts, and your address on data-broker sites. Run a free scan to see exactly what’s out there about you — then remove it.

The first scan is free with no signup. Broker removals are filed as your authorized agent under CCPA and state-equivalent law. Your results are private to you — we never sell your data.