You searched your own name, and a site you have never heard of returned your home address, your age, your phone number, and a list of your relatives. That site is a data broker — one of hundreds of companies whose business is collecting personal information and selling it. This guide explains what these companies are, where the data comes from, why the listings matter, and what you can actually do about them.
What is a data broker?
A data broker is a company that collects personal information about people it has no relationship with, then sells or licenses that information to others. You never signed up. You never agreed to terms. The broker assembled a file on you anyway, from sources it can legally access, and its customers — marketers, employers, insurers, curious strangers — pay to read it.
The scale is documented. When the Federal Trade Commission studied nine data brokers in 2014, it found one broker holding 3,000 data segments for nearly every US consumer, and another adding more than 3 billion new data points to its database each month. That was over a decade ago; the industry has only grown since.
How many brokers exist today is genuinely unknown, because most states require no registration at all. The best available floor comes from California, whose mandatory registry — the largest in the country — listed 545 registered data brokers for 2025. That figure counts only companies doing business in California that complied with the law.
What are the three types of data brokers?
The industry is not one thing. Brokers fall into three broad categories, and the distinction matters because each one affects you differently.
People-search sites. These are the brokers you can see. Whitepages, Spokeo, BeenVerified, TruePeopleSearch, Radaris, FastPeopleSearch and dozens of similar sites publish profiles — name, age, addresses, phone numbers, relatives — and let anyone look you up, often free or for a few dollars. Because their product is public-facing, they are also the brokers you can do something about directly: each maintains an opt-out process, and we publish step-by-step guides for Whitepages, Spokeo, and TruePeopleSearch, among others.
Marketing data brokers. These companies build audience profiles — demographics, inferred interests, purchase behavior, household composition — and sell them to advertisers. You never see the file. Its effects show up as eerily targeted ads, junk mail addressed correctly to your new home, and spam calls that know your carrier. The FTC’s report found that brokers in this category segment consumers into categories as specific as expectant parents or recent movers.
Risk-mitigation and identity-verification brokers. The third type sells to businesses that need to verify who you are or assess risk: background-check firms, fraud-prevention systems, tenant and employment screeners. These brokers hold some of the most sensitive data — government identifiers, financial signals — and their files can shape real decisions about you, often without your knowledge. They are also the hardest category to opt out of, because their customers argue the data serves fraud prevention.
One company can straddle all three categories, and brokers routinely buy from each other. In the FTC study, seven of the nine brokers examined had shared data with another broker in the study.
Where do data brokers get your information?
No hack is required. The files are built from three legal source types.
Public records. Voter registrations, property deeds, court records, marriage and divorce filings, professional licenses, bankruptcy filings. These are public by design — open government is the point — but brokers aggregate them into a single profile, which changes their character entirely. A property deed in a county filing cabinet is transparency; the same deed indexed beside your phone number and your daughter’s name on a search site is a dossier.
Commercial sources. Purchase histories, warranty registration cards, magazine subscriptions, loyalty programs, change-of-address data. Much of this is collected by companies you did business with and then sold or licensed onward, permitted by privacy policies almost nobody reads.
The open web. Brokers scrape and license data from social media profiles, online directories, obituaries, and other websites — and, as noted above, they buy from each other constantly. This recycling is why removing the original source rarely removes the listing: the data has already propagated.
What does a people-search listing actually expose?
A typical free or low-cost people-search profile includes your full name and known aliases, your age and month of birth, your current home address, a history of past addresses going back decades, phone numbers, email addresses, and the names of relatives and known associates. Paid reports on the same sites layer on more: property records, court records, licenses, and in some cases marital status and estimated income.
Two properties make these listings worse than the sum of their fields. First, they are aggregated — someone who knows only your name can, in one search, learn where you live and who your family is. Second, they are usually duplicated: most people have several listings per site under name variants and old addresses, and the same record appears across dozens of sites that share data sources.
Why does it matter if your data is listed?
For most people, most of the time, the consequence is friction: more spam, more robocalls, more precisely targeted junk mail. But the failure cases are serious, and they are not hypothetical.
Doxxing and harassment. A people-search profile is a ready-made doxxing kit. Anyone you have angered online — or who has simply fixated on you — can pull your home address in under a minute.
Stalking and domestic abuse. For people leaving an abusive relationship, address exposure is a safety issue, not a privacy preference. An abuser does not need to hire an investigator; a search site will sell your new address for the price of a coffee.
Social engineering and fraud. Scammers use broker data to make their stories convincing. Knowing your address, your relatives’ names, and your previous employers is what makes a fraudulent call sound legitimate — to you, to your bank, or to your grandmother.
Decisions made about you. Risk-scoring and background-check data can quietly influence whether you get an apartment, a loan rate, or a job interview, with errors that are hard to discover and harder to correct.
None of this requires alarm — it requires a sober accounting. The data is out there; the question is how much of it stays easy to find.
Is any of this legal?
Mostly, yes. The United States has no comprehensive federal law governing data brokers. The FTC recommended legislation back in its 2014 report; Congress has not passed it. Sector-specific laws like the Fair Credit Reporting Act constrain credit bureaus and formal background checks, but ordinary people-search publishing falls largely outside them.
The states have moved instead. The California Consumer Privacy Act (CCPA) gives California residents the right to know what data a business holds and to demand deletion, and a growing list of states — Virginia, Colorado, Connecticut, Texas, and others — have passed their own versions. Vermont was first to require data brokers to register annually, back in 2018.
The most consequential development is California’s Delete Act (SB 362). It created the registry mentioned above and, more importantly, a one-stop deletion mechanism called DROP — the Delete Request and Opt-out Platform — which went live on January 1, 2026. California residents can submit a single request that reaches every registered broker, and brokers are required to begin processing those requests on August 1, 2026, with fines of $200 per day for brokers that fail to register. If it works as designed, it is the closest thing the US has to a master off switch — but it covers California residents and registered brokers only.
For everyone else, removal remains site by site, using the opt-out processes the brokers themselves operate — many of which exist precisely because state laws require a do-not-sell mechanism.
What can you do about it?
You have two real options, and they are not mutually exclusive.
Do it yourself, free. Every major people-search site has an opt-out process, and they genuinely work — we have verified the flows for the biggest ones. Expect roughly 5 to 20 minutes per site, a verification step (an emailed confirmation link on most sites, an automated phone call on Whitepages), and the need to repeat the process for each separate listing of you. The catch is scale and recurrence: there are hundreds of brokers, and removed records often reappear when the sites refresh from public records.
Pay a service. Data removal services send opt-out requests to hundreds of brokers on your behalf and keep re-sending them when your data resurfaces, for roughly $20 to $150 per year depending on coverage and features. Our ranking of the best data removal services compares the major options on price, coverage, and proof of results.
Which path fits depends on how exposed you are, how much your time is worth, and whether your concern is one-time or ongoing. We lay out that decision honestly — including the cases where you should keep your money — in our guide to free vs. paid data removal.