Should you be worried that data brokers will leak your personal information? Here’s what the data shows

Incogni Larry
4 min readMay 13, 2021

Why should you care that data brokers are collecting, aggregating and trading your personal information?

When we asked people this question, the main (43.9% of all answers) concern was about personal security — brokers getting breached and people’s personal data leaking into the dark web for bad agents to abuse.

“I’m afraid of data breaches and my personal information leaking, making me vulnerable.”

It seems like a reasonable concern given how data breaches can lead to identity theft and other major problems.

But data brokers will claim that they take utmost precautions to make sure your data is secure.

Therefore, we decided to put this fear to the test — looking objectively, how concerned you should be that a data broker will be affected by a data breach and your personal information would leak?

To answer this question we decided to review a list of 492 data brokers (including the big players in the market) and see how many of them were affected by data breaches to date and what was the impact.

In some cases we couldn’t find the exact year when the breach occurred, the number of data contained in the breach or what data was leaked. See detailed list.

Worthy of special mention

Exactis

Not all breaches are caused by ninja hackers finding vulnerabilities in systems. Sometimes your personal data can leak due to human error and straight up negligence on the side of the data broker.

In 2018 security expert discovered an unprotected Exactis database that contained 230 million records on consumers and 110 million on business contacts. Each record contains not just contact and public information but more than 400 variables like whether the person smokes, their religion and interests.

Source: https://www.wired.com/story/exactis-database-leak-340-million-records/

Deep Root Analytics

In another case of incompetence, Deep Root Analytics left an unsecure database of 198 million Americans that contained contained “names, dates of birth, home addresses, phone numbers, and voter registration details” as well as data described as predicted data about voter behavior on policy preferences and likelihood of choosing a particular candidate.

Cases like these (and there are more, including outside of the US) shows why data brokers can be seen even as a threat to democracy.

Source: https://www.dw.com/en/deep-root-analytics-behind-data-breach-on-198-million-us-voters-security-firm/a-39318788

CheckPeople.com

How comfortable would be sharing your current and past addresses, phone numbers, email addresses, names of relatives, criminal records with random people on the internet?

How about if that information would then be collected and shared on a server with a Chinese IP address for unknown agents and entities to access and use at their discretion?

All that happening in the background without you knowing because CheckPeople never asked for your consent to collect that information in the first place.

Source: https://securityaffairs.co/wordpress/96238/data-breach/checkpeople-data-leak.html

Equifax

In 2017, attackers exfiltrated hundreds of millions of customer records from the credit reporting agency.

It potentially affected 143 million people whose names, addresses, dates of birth, Social Security numbers, and drivers’ licenses numbers were exposed.

A small subset of the records — on the order of about 200,000 — also included credit card numbers.

Combined with how awfully they handled the response to the breach, Equifax case is a strong argument why companies should not be handling your personal information without informed consent.

Source: https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html

Dozens of cases X huge data sets = big problem

While 30 out of 492 might not seem like a bad ratio at first, the risk of collecting such massive sets of personal information is that when a data breach does happen, it affects hundreds of millions of people — that’s scary!

Especially when you consider how that data can then be used with other information to inflict damage.

For example, what would happen if that same bad agent would take CheckPeople.com leak and combine it with Deep Root Analytics leak that contains political preferences? Or combine it with SSN/Credit card information to inflict financial harm?

Unfortunately we’re not talking in hypotheticals, this kind of fraud employing different data sets of breached data is already happening. And, looking at the data, chances are that it’s only a matter of time until more data brokers get breached and another million or billion of people are put in a vulnerable position because of it.

To learn how to make data brokers remove your information, we have a step by step guide here.

Alternatively, if you’d prefer to use technology to automate the process and make exercising your right to privacy easier, join the waitlist for optoutaid. The tool is coming live soon!

--

--

Incogni Larry

Helping people exercise their right to privacy and take their personal data off the market.