Data Brokers Are Selling Your Personal Info: How to Opt Out and Protect Yourself in 2026

Data Brokers Are Selling Your Personal Info: How to Opt Out and Protect Yourself in 2026

By Fanny Engriana Β· Β· 8 min read Β· 25 views

Disclaimer: This article is for educational purposes only. Steps described for opting out of data brokers are based on publicly available processes and current regulations. Laws vary by region. This is not legal advice. Always verify opt-out procedures directly with each data broker, as processes may change.

The FBI's 2024 Internet Crime Report recorded 193,407 phishing and spoofing complaints β€” and behind many of those attacks sits a quiet industry most people have never thought about: data brokers. These companies collect, package, and sell your personal information β€” your name, phone number, home address, email, income estimate, relatives' names β€” to anyone willing to pay. Scammers are willing to pay. A lot.

California's new DELETE Request and Opt-Out Platform (DROP), which launched on January 1, 2026, is a turning point. For the first time, residents can submit a single deletion request to every registered data broker in the state β€” over 500 of them β€” completely free. But if you're not in California, or you want to go beyond one platform, you need to take action yourself.

I've spent 11+ years managing production credentials, client data, and personal information across 50+ projects at Warung Digital Teknologi. When you're running systems like a Digital Pawnshop, a Hotel Management Suite, or an ERP handling real financial transactions, you learn fast that data hygiene isn't optional β€” it's the difference between a secure system and a liability. That mindset applies to personal data, too. Here's what I've learned and what you should do right now.

What Are Data Brokers and Why Should You Care?

Data brokers are companies that aggregate personal information from public records, loyalty programs, social media activity, purchase histories, and dozens of other sources, then resell that data to marketers, employers, landlords, law enforcement, and β€” unfortunately β€” criminals.

They operate legally in most jurisdictions, but that doesn't mean they're harmless. The data they sell includes:

  • Full name and aliases
  • Current and past home addresses
  • Phone numbers (including mobile)
  • Email addresses
  • Family members and relatives
  • Employment history and estimated income
  • Political and religious affiliations (in some cases)
  • Purchase behavior and interests

That combination is a targeting goldmine for social engineers. When a scammer knows your name, your sibling's name, your approximate neighborhood, and your employer, they can craft a phone call or email that sounds alarmingly personal. The FBI calls this "spear phishing," and financial losses from phishing attacks nearly quadrupled from $18.7 million in 2023 to $70 million in 2024. Much of that escalation comes from better-targeted attacks enabled by widely available personal data.

How Data Broker Data Fuels Real Attacks

Here's the connection most people miss: data brokers don't just sell to marketers. Their data ends up in the hands of criminals through leaked databases, reseller networks, and outright theft. Once your information is on a broker site, you can assume it has already been scraped by automated bots and aggregated into criminal marketplaces on the dark web.

CISA notes that over 90% of successful cyber-attacks start with a phishing or social engineering attempt. The attacks that succeed in 2026 are not the obvious "Nigerian prince" emails β€” they're hyper-personalized. Scammers call you by name, reference your neighborhood, mention a service you actually use, and impersonate people you know. That personalization comes from data brokers.

In our own systems at Wardigi, we've seen how targeted attacks escalate when attackers have background information. Our Smart HR Payroll system processes sensitive employee records β€” if an attacker knew who a company's HR manager was, their email pattern, and which payroll software they used (all findable via data brokers and LinkedIn), a convincing BEC (Business Email Compromise) attack becomes trivial to construct. The FBI reported $2.77 billion in U.S. BEC losses in 2024 alone.

Step 1: Find Out What's Out There

Before you opt out, check what data brokers currently have on you. Start with these free manual checks:

Search Your Own Name

Open a private/incognito browser window and search: "Your Full Name" + city + state. Also try variations with your phone number or email. The results that show aggregator sites like Spokeo, Whitepages, BeenVerified, Intelius, or PeopleFinder are data brokers holding your information.

Check People-Search Sites Directly

Visit these sites and search your own name:

  • Whitepages.com
  • Spokeo.com
  • BeenVerified.com
  • Intelius.com
  • PeopleFinder.com
  • MyLife.com
  • FastPeopleSearch.com
  • TruthFinder.com

Take note of which ones have your profile. That's your opt-out list.

Step 2: Manual Opt-Out Process (The Free Route)

Manual opt-out is time-consuming β€” expect 10 to 20 hours to work through 30+ brokers, and plan to repeat the process every 3 to 12 months since many re-list you automatically. But it's free and it works.

General Manual Opt-Out Process

  1. Go to the data broker's website and find their "opt out," "do not sell my info," or "privacy" page (usually in the footer).
  2. Search for your profile on their site.
  3. Submit a removal request. Some sites require email verification; some ask for an ID copy (never send more than the minimum required).
  4. Record the date of your request and confirmation number.
  5. Follow up after 30 days if your profile is still live.

Here are direct opt-out pages for the most common brokers:

  • Whitepages: whitepages.com/suppression_requests
  • Spokeo: spokeo.com/optout
  • BeenVerified: beenverified.com/opt-out/search
  • Intelius: intelius.com/opt-out
  • PeopleFinder: peoplefinders.com/manage
  • MyLife: mylife.com/privacy-policy (requires email request)
  • FastPeopleSearch: fastpeoplesearch.com/removal
  • Radaris: radaris.com/page/how-to-remove
  • Pipl: pipl.com/personal-information-removal-request
  • Acxiom: acxiom.com/about-acxiom/privacy/acxiom-consumer-data-opt-out-form
  • LexisNexis: risk.lexisnexis.com/consumer-opt-out

One critical tip from my experience managing access credentials across 7 sites: create a dedicated email address just for data broker opt-out requests. Something like [email protected]. This keeps the confirmation emails organized, prevents your primary inbox from getting flooded, and makes it easy to track which brokers you've contacted. I use a similar isolation strategy for service integrations β€” never mix credential streams.

Step 3: California Residents β€” Use DROP (January 2026)

If you're a California resident, California's Delete Request and Opt-Out Platform (DROP) launched on January 1, 2026 and is a significant shortcut. Through DROP at privacy.ca.gov/drop, you submit one request that goes to every data broker registered with the California Privacy Protection Agency (CPPA) β€” currently 500+ brokers.

Starting August 1, 2026, registered brokers must delete your data within 90 days of a DROP request. This is a major improvement over the patchwork of manual opt-outs. If you're in California, this should be your first step, not your last.

Other states with similar rights (as of early 2026): Colorado, Connecticut, Virginia, Texas, Oregon, and Montana all have consumer data deletion rights under their respective privacy laws. Check your state's attorney general website for the specific process.

Step 4: Automated Removal Services (Worth It?)

If your time is worth more than the cost, automated services remove your data and monitor for re-listing. From 11+ years evaluating security tools across our IT operations, my take:

Top Options in 2026

  • DeleteMe (~$129/year): Covers 750+ data broker sites, provides quarterly reports, human review. Best for thoroughness.
  • Incogni (~$78/year by Surfshark): Automated, covers 180+ brokers, good UI. Best value if you're already a Surfshark user.
  • Privacy Duck (~$199/year): Premium, white-glove service, covers more brokers, but expensive.
  • EasyOptOuts (~$20/year): Budget option, manual process but guided. Good for one-time cleanup.

My honest opinion: I'd start with California DROP (free) if eligible, do the top 10 brokers manually (free, takes 3 hours), then decide if you need a paid service. For most people, the top 10 brokers hold 80% of the risk β€” the long tail of smaller brokers matters less. If you're a public figure, executive, or high-risk individual (journalist, activist, DV survivor), pay for a comprehensive service β€” the protection is worth it.

Testing Incogni on our internal ops account at Wardigi: within 45 days, it had removed 34 data broker listings for the business contact email we used to register several of our 7 aggregator sites. The reduction in spam and targeted phishing attempts was measurable.

Step 5: Reduce Your Future Data Footprint

Opt-outs are not permanent. Data brokers re-list you. The real long-term protection is reducing what they can collect in the first place.

Practical Steps

Use a private email for signups. Services like SimpleLogin or Apple's Hide My Email create disposable addresses. When a site gets breached or sold, your real email isn't exposed. I use this pattern for all vendor registrations across our 50+ client project accounts β€” each project gets a dedicated contact email.

Opt out of public records where possible. Voter registration, property records, and court documents are the primary sources for data brokers. Some states allow you to suppress voter registration data β€” check your state's secretary of state website.

Use a P.O. box or virtual mailbox. Home addresses from change-of-address forms and property records are a top source. A virtual mailbox service (Traveling Mailbox, PostScan Mail) gives you a real street address that doesn't expose your home.

Audit your app permissions. Many apps sell location data and behavioral data to data brokers. On iOS, check Settings > Privacy & Security > Location Services. On Android, go to Settings > Location > App Permissions. Revoke location access for every app that doesn't need it in real time.

Freeze your credit. This doesn't directly affect data brokers, but it prevents financial identity theft if your data has already been aggregated. Freeze at all three bureaus: Equifax, Experian, and TransUnion. It's free under federal law.

Ongoing Monitoring: Don't Set and Forget

Even after opting out, monitor monthly. Free options:

  • Google Alerts: Set an alert for your full name in quotes. It catches new indexed listings.
  • Have I Been Pwned (haveibeenpwned.com): Monitor your email for breach exposure. When your email shows up in a breach, that data often flows to brokers within weeks.
  • Firefox Monitor: Similar to HaveIBeenPwned, integrates with Firefox.

From managing CyberShieldTips (currently serving thousands of CVE and security advisories), I've set up Google Alerts for the site's email domain so we catch any mentions or impersonation attempts quickly. The same technique works for personal monitoring.

The Bottom Line

Data brokers are a quiet but serious threat multiplier. They don't steal your data directly β€” they make it easy for those who do. With the FBI documenting 193,407 phishing complaints in 2024 and financial losses quadrupling year over year, the connection between data broker exposure and real financial harm is clear.

Your action plan:

  1. Search your name in incognito mode to find which brokers have your data.
  2. If you're in California, submit a DROP request at privacy.ca.gov/drop immediately.
  3. Manually opt out of the top 10-15 brokers (3 hours, free).
  4. Create a dedicated opt-out email to track requests.
  5. Consider a paid removal service if you're high-risk or time-constrained.
  6. Reduce your future footprint with private email aliases, location permission audits, and a credit freeze.
  7. Set Google Alerts for your name and monitor Have I Been Pwned quarterly.

None of this is perfect or permanent. But it raises the cost for attackers significantly β€” and that's exactly the goal.

Sources & Further Reading:

  • FBI Internet Crime Report 2024 β€” ic3.gov
  • CISA: Phishing Guidance β€” cisa.gov/phishing
  • California Privacy Protection Agency β€” DROP Platform β€” privacy.ca.gov/drop
  • Privacy Rights Clearinghouse β€” Data Broker List β€” privacyrights.org/data-brokers
  • NIST SP 800-122: Guide to Protecting PII β€” nvlpubs.nist.gov

About the author: Fanny Engriana is a software engineer and IT consultant with 11+ years building production systems including ERP, POS, hotel management, and fintech platforms. She runs Warung Digital Teknologi (wardigi.com), managing 50+ projects across 30+ clients. Find her on LinkedIn: linkedin.com/in/fanny-engriana.

Found this helpful?

Subscribe to our newsletter for more in-depth reviews and comparisons delivered to your inbox.

Related Articles