Report Reveals Alarming Data Breach Trends Among Data Brokers in the US: Over 200 Million Records Compromised

What’s worse than data brokers collecting and selling personal information? Data brokers that suffer data breaches resulting in the exposure of your info.

Research conducted by Incogni established that out of the 506 registered, US-based data brokers, 23 had experienced a data breach. How many records were compromised? And where did these breaches occur? Here's everything you need to know.

What are data brokers?

Data brokers are companies that collect, aggregate, and sell personal information. This information can include names, contact details, addresses, financial data, criminal records, and even Social Security numbers.

Data brokers scrape the web for this personal data, gathering it from various public sources, such as public records or social media sites, but also from your search history or purchase history. Further, data brokers may also obtain it from one another or when a data breach occurs. The latter has been a particular cause for concern, especially regarding data privacy.

What are data breaches, and how do they happen?

A data breach is an incident during which sensitive (such as personally identifiable information) or confidential information is accessed by an unauthorized party. The affected entity may not even be aware that the breach has occurred and only learn about it after a significant amount of time has passed.

Data breaches can occur for various reasons, ranging from human error (like succumbing to phishing attacks, incorrectly setting up firewalls, delaying updates, etc.) to a deliberate cyberattack which can be carried out by using malware, DNS tunneling, SQL injection, and more.

Is the number of data broker data breaches on the rise?

Incogni recently conducted an analysis of data broker breaches in the United States. According to their findings, the first data broker data breach occurred in 2002 and involved Acxiom, which actually suffered two breaches. The only other data broker breach during that decade took place in 2005 when LexisNexis was breached.

Once 2011 hit, things started to go downhill, with a data breach happening almost every year, 2014 and 2022 being the only two exceptions. The year 2017 experienced a massive spike, with six companies being breached.

With the COVID-19 pandemic spreading, 2020 was a challenging year that witnessed a significant surge in cybercrime. The number of cybercrime victims increased dramatically, by 69%, highlighting the severity of the situation. As a result, it is perhaps not surprising that a total of nine data breaches occurred during this time.

There was a decrease in the number of data breaches in 2021, with only three breaches reported. While no reports of data breaches were received in 2022, it’s important to note that data breaches are not always immediately discovered. That’s why the accuracy of this information is yet to be confirmed.

Exceptions like the 2021 decline notwithstanding, the trend throughout the first two decades of the 21st century has been one of increasing numbers of data broker data breaches.

Where do data breaches happen most often?

To understand why data breaches happen where they happen, we must first look at where data brokers are registered. With a total of 113, California takes first place in the most significant number of registered data brokers. Second is New York, with 82 data brokers, and the third is Florida, with a "mere" 41 brokers.

Keeping this data in mind, it should come as no surprise that it is also California that saw the greatest number of data broker breaches, with five of its registered brokers experiencing data breaches. New York followed with three breached data brokers, and Washington and New Jersey tied for third place, each with two breached data brokers.

Note: Experian and Equifax were excluded from this data set, as these data brokers operate through multiple subsidiaries located in different states, thus making it difficult to attribute their breaches to a specific location.

Largest data broker breaches

The graph below illustrates the ten most substantial data broker breaches, which collectively impacted an astounding 444.5 million accounts. Interestingly, all occurred between 2012-2021.

California-based People Data Labs accounted for most breaches, making up 40% of the total, with 179 million records leaked. Following in second place was, with 17.8% of the breaches resulting in 79.2 million records leaked, and in third place was ShareThis, with 10.8% of the breaches and 41 million records leaked.

The global impact of data broker breaches

Since 2004 the US has had a staggering 207.6 million accounts leaked. The other four countries affected the strongest by these breaches include India, the UK, Brazil, and Canada.


“Data privacy is becoming increasingly alarming, yet many people are still unaware of the hidden market in which data brokers operate. Upon reviewing the findings, we have seen that data brokers can also experience a data breach, just like any other company. However, they are the ones dealing with massive amounts of sensitive data.” - says Darius Belejevas, Head of Incogni.

“Even though there is nothing we can do about data leaks, there are ways to minimize the amount of our data that ends up on data broker websites in the first place. Apart from optimizing your online privacy settings and removing unused accounts, you can also opt out of data broker records.”

You can manually send opt-out requests to data brokers asking them to remove your personal information or turn to a data removal services that will automatically send removal requests to data brokers and people search sites on your behalf without you having to lift a finger.

Read next: Study Shows Refund and Tech Assistance Frauds Are on the Rise
Previous Post Next Post