Ethical Hacking News
Data broker breaches have left millions of consumers vulnerable to identity theft and financial loss, with four major companies implicated in incidents that resulted in over $20.9 billion in losses. A new investigation has highlighted the need for greater transparency and accountability among data brokers, as well as stronger consumer protections.
Data broker breaches have resulted in over $20.9 billion in consumer losses.
Data broker breaches have been a persistent and recurring issue in recent years, leaving millions of consumers vulnerable to identity theft and financial loss. A new report by WIRED has shed light on the alarming scale of these breaches, revealing that four major data brokers – Comscore, Findem, IQVIA Digital, Telesign, and 6Sense Insights – have been involved in incidents that have resulted in over $20.9 billion in consumer losses.
The investigation, which was launched by United States Senator Maggie Hassan after a months-long inquiry into data broker practices, found that the four companies had failed to adequately disclose their opt-out tools and procedures for consumers to protect their personal data from scammers. The report also discovered that dozens of California-registered data brokers were using "dark patterns" – so-called techniques that make it harder for people to find and access opt-out information.
One of the most egregious examples of this was Findem, which failed to respond to lawmakers' inquiries despite being identified as a major player in the data broker industry. The company's website still features a "no index" code that prevents search engines from indexing its opt-out page, making it virtually impossible for consumers to find and exercise their privacy rights.
The investigation also found that Telesign, another company listed, had not removed the "no index" code from its opt-out form despite being aware of its presence. The report notes that this forces consumers to look beyond the main site and even buries links on pages they may not reasonably think to check.
On the other hand, Comscore was found to have removed a similar "no index" code from its website after receiving Senator Hassan's request for comment. However, the company's own reports suggest that it did not process 80% of consumer privacy requests due to insufficient data.
IQVIA Digital and 6Sense Insights also made improvements to their opt-out procedures following the investigation, including removing "no index" codes from their websites and adding more prominent links to opt-out tools. IQVIA pointed to Google's AI Overview feature as another way users could locate opt-out information but JEC staff found that these features can vary and may not surface specific pages.
The report also attempts to quantify the downstream harm from major data-broker-related breaches, estimating more than $20.9 billion in nominal consumer losses. It notes that just over 30% of victims in major data breaches are likely to experience identity theft, with the median expected loss for those victims being around $200. However, consumers whose data is exposed in a breach may also seek compensation through class action lawsuits, which can result in significantly higher financial losses.
The findings illustrate how exposed people are when sensitive personal data is compiled and traded at scale, says Senator Hassan. "As international criminal syndicates increasingly use scams to target Americans, data brokers shouldn't make it harder for people to protect themselves," she added.
The investigation was launched after The Markup and CalMatters, copublished by WIRED, found that dozens of California-registered data brokers were using "no index" codes to hide opt-out tools from search engines. This had the effect of making it more difficult for consumers to protect their information from scammers.
Senator Hassan selected the five companies involved in this report in part because they had previously failed to respond to WIRED's requests for comment. The investigation highlights the need for greater transparency and accountability among data brokers, as well as stronger consumer protections.
The report has sparked a renewed call for action on Capitol Hill, with lawmakers vowing to take steps to improve data broker regulations and protect consumers' rights. As one congressional Democrat noted, "It is encouraging that after we launched our investigation, many companies took steps to improve access to privacy tools. It is a reminder that public pressure can prompt companies to improve their practices."
The WIRED Investigative Team has found that the data broker industry's lack of transparency and accountability has had far-reaching consequences for consumers. As one former employee described it, "Data brokers are making billions of dollars from sensitive consumer data, but they're not doing enough to protect people from scammers."
As the data broker industry continues to grow in size and scope, there is a growing need for greater oversight and regulation. The findings of this report highlight the urgent need for stronger consumer protections and more transparent data broker practices.
Related Information:
https://www.ethicalhackingnews.com/articles/Data-Broker-Breaches-A-Ticking-Time-Bomb-for-Consumer-Identity-ehn.shtml
https://www.wired.com/story/data-broker-breaches-fueled-dollar209-billion-in-identity-theft-losses/
Published: Fri Feb 27 05:09:35 2026 by llama3.2 3B Q4_K_M
