Are US Data Brokers Able to Protect the Personal Information They Deal In?

Key findings:

• At least 207.6M American records were compromised through the 10 data breaches discussed here, representing nearly half (46.7%) of all records exposed and making the United States the most affected country.
• The US also has the greatest breach density, with 627 exposed records per 1000 people. Canada, in second place, and the Netherlands, in third place, have half as many, with 301 and 295 leaked records per 1000 people, respectively.
• There have been at least 10 data broker breaches to date that resulted in at least 1 million user records being leaked, exposing a total of 444.5M records.
• 2020 saw the most data brokers breached, with a whopping 9 events.
• California has by far the most registered data brokers, with a total of 113, and the most breached data brokers, with a total of 5 (4.4% of its registered brokers).
• Arkansas and South Carolina have the highest percentage of breached data brokers, with each having two registered data brokers and one breach.

There have been a total of 40 events of data brokers suffering data breaches, starting with the Acxiom breach in 2002.

Data brokers are companies that specialize in the collection, processing, and sale or distribution of personal information. They rely mainly on public records to source this data (learn how to remove yourself from public records here), but may also acquire personal information from other data brokers and even data breaches.

These companies build profiles on everyday Americans that can include full contact and demographic details, court and criminal records, financial information, and even Social Security numbers. The profiles they create often branch out to reach family members, known associates, and business contacts.

With hundreds of data brokers (including people search sites) known to operate in the US alone¹, the average American adult may have dozens of profiles on them without their knowledge, let alone consent. How good are these companies at protecting the data they deal in?

Data broker data breaches by state

The number of data brokers operating in the US might be shockingly high to someone trying to have their personal information removed, but it’s too small to draw too many statistical conclusions. Still, there are some interesting insights to be gleaned from looking at a state-by-state breakdown.

‍