How Mainstream Online Tools Are Exposing Americans to Organized Crime, Stalkers, and Abusive Exes
Even if you are unfamiliar with data brokers, they almost certainly know you. In the absence of nationwide U.S. privacy legislation, experts warn that there are often minimal safeguards against motivated individuals exploiting these services for malicious purposes. Io Dodds reports on a shadowy industry that compiles and sells vast amounts of personal data, putting countless Americans at risk.
Personal Stories of Vulnerability and Exploitation
Julia, a white-collar worker in her thirties from the U.S. northeast, had been dating her partner for approximately one month when the abusive phone calls began. Her partner had previously warned her about a stalker: a former girlfriend intent on sabotaging his life. However, neither expected the woman to locate the phone number for Julia’s family home and threaten her relatives with violence.
Soon, Julia was bombarded with emails, texts, and even a Venmo request containing a note claiming to possess "pornographic evidence" of her partner's infidelity. The stalker walked past Julia's house, confronted her outside a McDonald’s, and drove a nail into her car tire. When Julia questioned how the stalker found her, despite minimal social media use, the response was chilling: "I found your info online."
Upon searching her own name and paying a small fee, Julia discovered her "whole life story" available for purchase: her college, past addresses, and the names of her roommates and closest friends. "It was shockingly personal, and made me feel incredibly vulnerable," Julia, who requested anonymity, told The Independent.
The Unregulated Data Broker Industry
Data brokers compile extensive amounts of public and private information, selling it to customers. This data originates from public documents like marriage certificates, drivers’ licenses, and voter registrations. Additionally, bank records, loyalty cards, internet browsing histories, and even braking and acceleration logs from internet-connected vehicles are sold to brokers through complex networks of intermediaries.
The United States lacks comprehensive federal privacy laws, meaning data brokers face minimal regulation at the national level and only partial oversight in some states. Consequently, experts emphasize that there are often inadequate safeguards against misuse. Belle Torek of the National Network to End Domestic Violence stated, "We see data broker information used as a tool of abuse with alarming frequency, especially in stalking and coercive control cases."
"An abusive partner or ex doesn’t have to be particularly tech-savvy: they can easily Google a name and suddenly have an address, relatives, work history, and other identifiers that [they] can use to dox, harass, impersonate, and intimidate survivors," Torek added.
Devastating Consequences and Criminal Exploitation
The repercussions can be catastrophic. In 2020, Roy Den Hollander, a disgruntled attorney, broke into the home of New Jersey federal judge Esther Salas disguised as a FedEx delivery man. He killed her 20-year-old son Daniel Anderl and critically injured her husband Mark before taking his own life. Salas revealed that Den Hollander had used data brokers to assemble "a complete dossier" on her family, including her address and route to work.
More recently, an FBI affidavit indicated that Vance Boelter, accused of murdering Minnesota Democrat Melissa Hortman and her husband Mark in June, possessed a notebook listing 11 data broker sites and their offerings. U.S. immigration authorities have also reportedly purchased domestic flight data and cell phone location information from brokers to track undocumented immigrants.
Sam Adler, co-author of an upcoming academic paper on how data brokers endanger abuse survivors, told The Independent, "It is safe to assume that data brokers have personal information ranging from your name, address, and phone number to your geolocation, political beliefs, and sexual identity."
The Scale and Scope of Data Brokers
There are at least 750 data brokers in the U.S., according to the digital rights group Privacy Rights Clearinghouse. These range from small, transient firms to global giants with headquarters on Park Avenue. "People search" websites like Spokeo, WhitePages, and Intelius allow virtually anyone to look up individuals for a small fee, while credit reporting giants such as Experian, Equifax, and TransUnion, along with data crunchers like Acxiom and CoreLogic, cater primarily to business clients including marketers, banks, and debt collectors.
The industry argues that its services are essential for businesses to verify customers, conduct background checks, and assist law enforcement in criminal investigations. They also aid journalists in fact-checking and sourcing. However, critics highlight significant risks. A 2023 Duke University study found "seemingly minimal vetting of customers and seemingly few controls on the use of purchased data."
Turquoise Williams, executive director of Just Stalking Maryland Resources and a survivor of violent stalking, described the combination of dangerous obsession and easy access to personal data as "like throwing gasoline on a fire." She told The Independent, "It seems to be this beast that is uncontrollable."
Ongoing Harassment and Psychological Toll
Four years after her ordeal began, Julia continues to experience stalking. "I don't give my phone number out for almost anybody, and I live in perpetual fear of my data leaking out," she said. "I have extreme anxiety now... I've kind of stopped being forward and making new friends…I don't really go out that much anymore."
Jessica Tunon, a financial consultant in Washington, D.C., endured stalking for 13 years, believing her stalker used data brokers to track her across multiple relocations. "I always felt like I was being followed," Tunon recounted. "There was never a time when I didn't feel like someone was watching me. Being on high alert for that long definitely affected my health, my wellbeing, my stress."
Broader Risks and Legal Challenges
Abuse survivors are not the only ones at risk. In 2020 and 2021, three brokers—Epsilon, KBM, and Macromark—admitted knowingly supplying information on millions of vulnerable elderly individuals to scammers who defrauded them of savings, leading to jail sentences for two Epsilon employees.
Last year, the data removal service Atlas filed class action lawsuits on behalf of approximately 20,000 New Jersey law enforcement workers against 118 data brokers for failing to comply with Daniel's Law, which protects the private information of judges and other officials. One lawsuit alleged that an officer who helped dismantle an organized crime group discovered the criminals had hired a private investigator to obtain her address from data broker websites and photograph her child’s bedroom window at night.
Ineffective Opt-Out Mechanisms and Proposed Solutions
Many data brokers claim that individuals can opt out of having their personal information shared, but research indicates these requests are frequently ignored or only temporarily honored. Hayley Kaplan, a privacy consultant, noted the challenges: "Sometimes you can't reach anybody. They have phone numbers that are disconnected. Contact forms that don't work. [And sometimes], when you do reach them, they'll say 'no problem!', but then not actually do it."
Muriel, a rape survivor who requested anonymity, expressed frustration: "I find a lot of them to be incredibly dodgy and shady.... sometimes they'll just flat-out lie to you." Even when data is removed, maintaining privacy requires ongoing effort, described by one woman in Adler’s paper as "like playing whack-a-mole… a burden on your daily life."
Adler and his co-authors propose a centralized, government-maintained register of individuals who have opted out, placing the onus on brokers to comply or face penalties. However, the industry has historically resisted such measures, lobbying against laws like Daniel's Law and California's DELETE Act, which aim to enhance consumer control over personal data.
Current Protections and Personal Costs
Currently, those endangered by data sales rely on patchwork regulation. States like California, Vermont, Texas, and Oregon require data brokers to delete data upon request, though privacy advocates note loopholes. Some individuals use P.O. boxes or state-backed home address confidentiality programs, available in approximately 40 states, though eligibility and scope vary.
Paid services such as DeleteMe, Optery, and EasyOptOuts can automate opt-out requests, but they cost between $20 and $250 annually per user and are rarely comprehensive. Julia highlighted the financial and emotional burden: "I don't make a ton of money. [But] I have to pay for a lot of different services. The data cleanup services, the burner phone services, the misdirected package services. It's expensive and anxiety-inducing."
Reflecting on the industry, Julia offered a blunt assessment: "I think [they're] the scum of the Earth."
