What internet data brokers have on you — and how you can start to get it back
D3sign | Moment | Getty Images
Data brokers have long operated in the shadows of the internet, quietly amassing unprecedented amounts of personal information on billions of people across the globe, but few realize just how deep this data collection really goes.
In an age where every move you make online — every click, every purchase, every “like” — is meticulously harvested, packaged, and sold for profit, aggregated personal data has become a valuable commodity, and the global data broker industry is proof of that.
The rise of artificial intelligence tools poses the risk of even more personal information being scraped from the internet and an already opaque world of data brokering becoming even more aggressive, and that is heightening data privacy concerns. A 2023 study from Pew Research found that the American public increasingly says it does not understand what companies do with their data. According to Pew, 67% of Americans say they “understand little to nothing about what companies are doing with their personal data, up from 59% in its previous survey on the subject in 2019. A majority of Americans (73%) think they have “little to no control” over what companies do with their data.
Many people are unaware that something as simple as their phone number can be used by data brokers and bad actors to uncover highly sensitive information, including a Social Security number, address, email, and even family details, said Arjun Bhatnagar, co-founder and CEO of Cloaked, an app that disguises your personal information by generating a unique “identity” for each online account you have.
According to Roger Grimes, an expert at cybersecurity education firm KnowBe4, while many data brokers —especially the more well-known players — sell information responsibly, some of the smaller, unknown brokerages skirt regulations, push ethical boundaries, and exploit data in ways that can lead to misuse or harm. This is partly due to the hazy regulation landscape around data brokerage, which makes it easier for these practices to go unchecked.
Some of the largest providers of data brokerage services include Experian, Equifax, TransUnion, LexisNexis, Epsilon (formerly Acxiom), and CoreLogic, according to a ranking from OneRep, an online personal data management service. People-search services Spokeo and Intelius are also among the top data brokers, according to OneRep. These companies operate across multiple industries, handling both publicly available information and more sensitive consumer data. They offer various services, ranging from marketing analytics to credit scoring and background checks, and all of them have processes for requesting your data or asking for it to be deleted. However, depending on the state you live in, they may not have to comply.
Experian, Equifax and TransUnion are a good place to begin to understand how much the data industry has grown. While many consumers know these companies for their credit services, those are now just one piece of the revenue pie, with broader digital marketing of data increasingly important, according to Jeff Chester, founder and executive director of the Center for Digital Democracy, a Washington, D.C.,-based consumer privacy advocate. And data collection spans much farther across the economy, with companies from grocery stores offering discount programs to streaming video services amassing data that others will pay for. “Today, everyone is a data broker. Having the ability to reach someone online and target has become a core part of business,” Chester said.
“I try to lock down everything as much as I can, but I’m also aware that even though I’m a security expert, I’m probably overexposed,” said Bruno Kurtic, president and CEO of data security firm Bedrock Security.
As a basic step to limit financial risks, he recommends that all individuals freeze their credit reports as a proactive measure against identity theft and to prevent malicious actors from opening new accounts or loans in their name.
Inside data brokers’ massive vault
Cybersecurity experts estimate that data brokers collect an average of 1,000 data points on each individual with an online presence.
“It behooves them to collect as much as humanly possible about you, because the larger the information pool about you and the more specific they can get, the higher the cost of that data,” said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company founded by former National Security Agency personnel.
Here’s a breakdown of the types of information data brokers typically collect, according to privacy experts interviewed by CNBC:
- Basic identifiers. Full name, address, phone number, and email.
- Financial data. Credit scores and payment history.
- Purchase history. What you search for online, what you buy, where you buy it, and how often you buy certain products.
- Health data. Your medications, medical conditions, and your interactions with health-related apps or websites.
- Behavioral data. Insights into your likes, dislikes, and the types of ads you’re likely to click on.
- Real-time location data. GPS data from apps that track your commute, where you shop, and how often you visit certain places.
- Inferred characteristics. Based on you’re your browsing and media consumption — the websites you visit, articles you read, videos you watch, data brokers draw insights about your lifestyle, income, preferences, religious or political beliefs, hobbies, and even your likelihood of charitable giving.
- Relationships with family, friends, and colleagues. By analyzing your network of friends, followers, and connections on social media and messaging apps, data brokers can map out your relationships and even track how frequently you interact with certain individuals to determine the depth of your bonds.
Little oversight around data privacy
The lack of comprehensive regulation around data privacy allows data brokers to operate with little oversight, unlike the General Data Protection Regulation (GDPR) in the European Union.
“There is no comprehensive federal privacy law that specifically regulates the industry, which makes it hard to combat them,” said Chelsea Magnant, adjunct instructor of cyber leadership at NYU’s Center for Global Affairs and a director at corporate consulting firm Brunswick. “We essentially have a patchwork of state laws with varying privacy protections that these companies know how to navigate.”
California was the first to enact comprehensive legislation in 2018 with the California Consumer Privacy Act, giving residents more control over their personal data. In 2020, California voters approved an expansion of the CCPA, called the California Privacy Rights Act, which took effect in 2023. It offers the most extensive protections in the U.S., including data correction, limiting the use of sensitive information, and requiring businesses to honor opt-out preference signals. It also imposes stricter data-protection obligations on companies, such as minimizing data collection.
Since then, about 20 other U.S. states have followed suit; however, the specific rights and thresholds for which companies must comply vary widely between states.
“Different states have different business environments, economies, and viewpoints. This lack of a unified approach, something that protects all citizens across the country, leaves us vulnerable to data brokers,” said Rob Hughes, chief information security officer at RSA.
Even in states where the privacy laws are strict, there is skepticism that smaller companies on the margins of the data brokerage industry will follow them. “They have extremely sensitive data sets under their management, and they have to essentially behave like the most sensitive enterprises. And we know that some of these data brokers just don’t operate businesses like that,” Kurtic said.
How to take control of your data
To start protecting your privacy, it’s important to rethink how much personal information is shared on a daily basis, says Cloaked’s Bhatnagar. While we can’t fully hide, consumers need to develop new habits and tools to limit what we expose, from turning off permissions that track your location to saying no to cookies and refraining from posting personal details online. Additionally, using tools like secure browsers, VPNs, and tracker blockers can help.
Some of the largest technology companies in our daily lives, such as Apple, are continually updating and adding to privacy options, such as on the new iPhone and latest iOS update.
An Equifax spokeswoman said U.S. consumers can opt out of their personal information being shared in accordance with U.S. state privacy laws. On average, she said, opt-out requests made through the Equifax Privacy Preference Center are processed in less than one business day and consumers are informed of a successful submission through the company’s Preference Center. Consumers can also review the types of third-parties that companies such as Equifax share personal data within its privacy section.
Opt-out links and instructions are readily available for most of the major data brokers:
But data privacy experts says reclaiming or deleting your data from brokers can be a deliberately complex process that is not only time-consuming but frustrating. Each broker has its own opt-out requirements, and even after you’ve removed your data, it often reappears, sourced from other places.
“Removing your data from their systems impacts their bottom line, so they are disincentivized to make this easy for you,” said Henderson. “Ultimately, if you remove the information, they can’t sell that. So the more people who request their information be removed, the less attractive of a broker they are to the advertisers.”
There are data-removal services, such as DeleteMe, Kanary, OneRep, and PrivacyDuck, which charge a fee to manage these ongoing tasks, and are becoming increasingly popular. In October, Consumer Reports launched Permission Slip, a free app that helps you control which companies can collect, store and sell your personal data. It relies on donations to keep it going, either through the app or the Consumer Reports website.
For those opting for the DIY approach, here’s what the data privacy experts interviewed by CNBC recommend to get started:
Identify the brokers collecting your data. As already stated, this can be a daunting task, as many operate behind the scenes. However, there are a few methods you can use to track them down, says Henderson. One is to conduct a Google search using your name, phone number, and email address and see which brokers pop up. You’ll most likely find your name on sites like Spokeo, Whitepages, or MyLife. Another strategy is to visit the websites of the largest data brokers and search your information.
Submit opt-out requests. If you live in a state with data privacy regulations, you can submit a request to delete your data on the opt-out page of these companies’ websites, including at the links listed above, so they cannot share your data with third-party companies. It’s important to note that each broker may have different processes for handling these requests and state laws vary when it comes to what types of data are covered. Some data brokers may also require you to provide identification or verify your identity.
Check your results. After submitting opt-out requests, revisit the data brokers’ sites periodically to ensure your data has been removed. It may take several weeks or months for your request to be processed.
Engage in digital hygiene practices. Regularly reviewing and updating your online security practices is essential. Secure passwords, two-factor authentication, and encryption tools can help protect your information. Using virtual identities, such as alternative email addresses and phone numbers, can further safeguard your personal information.
Seek legal recourse if necessary. If a data broker refuses to comply with a deletion request, you may be able to file a formal complaint with regulatory authorities such as the Federal Trade Commission, which has brought cases against the industry.
However, it’s important to understand that not every state provides the same level of protection. Consult a privacy attorney if you believe your rights have been violated.
‘The future is unfortunately dark’
Experts say deleting the data is an imperfect solution, “a Band-Aid to address a gaping wound,” according to Chester.
“Consumers have been placed in a bad position,” he said. “Data is now a form of payment,” he added, referring to cases where the consumer wants a discount in the grocery store or pharmacy. “This is a comprehensive privacy problem which requires Congress or the FTC. The idea an individual can take care of their privacy … you can shut down a tiny bit of it, but you would need to spend a great deal of time, and once you opt-in to get a discount at a store, it all starts over again.”
The future of the data broker industry looks both promising and troubling as technological advancements continue. Javad Abed, assistant professor of information systems at Johns Hopkins Carey Business School, warns that data brokers will continue to evolve as AI and machine learning advance.
“With AI, data brokers will create even more detailed and predictive profiles, incorporating everything from biometric data to behavioral tracking,” Abed said. “The problem will increase, and things are going to become more complicated.”
Abed sees potential in blockchain and privacy-enhancing technologies, which could disrupt the data brokerage model by increasing transparency and giving individuals more control over their digital identities. However, he remains skeptical: “The future is unfortunately dark. It needs to be collaborative work. I don’t see the motivation right now from the main actors for a collaborative change.”
“Telling our grandmothers or a child to configure settings on their social media and their browsers and search engines is not a winning proposition,” Kurtic said. “It’s going to take a combination of regulation, technology on the vendor side, and know-how on our own personal side.”
Until regulation steps in, data brokers will continue to collect as much data as possible. “These are revenue streams for companies that might not have other recurring revenue streams,” Henderson said. “And given there’s no regulation stopping businesses from selling information about you, I don’t see the practice stopping, especially given how lucrative it is.”
A customer holds up the new orange-colored iPhone 17 Pro Max smartphone inside an Apple retail store in Chongqing, China, on September 19, 2025.
Cheng Xin | Getty Images News | Getty Images
The iPhone 17 hit store shelves worldwide on Friday, drawing lines from Beijing to London.
But beyond the launch buzz, Apple is under pressure to prove itself, grappling with questions over its artificial intelligence plans, as well as increasing competition.
Products on display for the first time include the iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air, as well as new Apple Watch and AirPods models.
While they were available for preorders in the U.S. from Sept. 12, the global launch holds particular significance as Apple takes on growing competition in overseas markets.
China competition
One of those markets is China, where customers waited for hours — and even overnight — to get their hands on the new iPhone
First in line at the Apple flagship Store in Sanlitun, Beijing, this morning, was Liu — he did not wish to be identified by his full name — who told CNBC that he had been queuing since 11 p.m. local time Thursday for his chance to pick up the iPhone 17 Pro Max.
A customer shows off his new iPhone 17 at Apple’s Regent Street store on Sept. 19.
Arjun Kharpal | CNBC
He said he was excited about the smartphone’s new color and exterior design, which Apple says has improved the phone’s heat dissipation.
Notably, Liu also said he has changed to Apple from Huawei in recent years, saying he preferred the iPhone for daily use and entertainment.
Another person, who wished to be identified only by his surname, Yang — an erstwhile Xiaomi user — said he had been waiting to get his hands on the latest iPhone, preferring its operating system.
Both Liu and Yang expect many Chinese residents to buy their first iPhone this year due to the new features, including larger internal storage.
If that trend were to pan out, it would be welcome news for Apple, which has lost market share in China to players such as Huawei and Xiaomi.
After years of leadership in the region, the iPhone-maker now only holds 10% of the Chinese smartphone market, trailing local players like Oppo, Huawei, Xiaomi and others, according to data from Omdia.
Apple’s latest iPhone models are shown on display at its Regent Street, London store on the launch day of the iPhone 17.
Arjun Kharpal | CNBC
So far, the signs are positive for the iPhone 17 series in China. Last Friday, JD.com — one of China’s largest ecommerce platforms — saw the first minute of iPhone 17 series preorders surpass the first-day preorder volume of last year’s iPhone 16 series, the company reported.
At 10 a.m. local time on Friday, JD.com said that iPhone 7 trade-in sales were four times higher than the same period last year.
Other markets
In the much smaller but affluent market of Singapore, the redesigned iPhone 17s were also met with fervor, with long lines forming outside Apple outlets across the city.
Iman Isa and Daniel Muhamed Nuv, two young professionals in Singapore, both queued for hours at Apple’s outlet in the city’s iconic Marina Bay mall to buy iPhone 17 Pros, which they said were their first new phones in years.
Citing the fresh design, longer battery life and improved camera, they said the new phones offer enough to keep them loyal to the Apple ecosystem.
Based on preorder times and consumer feedback, the initial global demand for the iPhone 17 series appears largely positive, said Le Xuan Chiew, a research manager at Omdia.
The iPhone 17 base model in particular has outperformed expectations, as the pricing at launch remained unchanged from its predecessor despite upgrades in memory storage, Chiew said.
In Singapore, customers arriving at Apple outlets had also been looking to nab some of the company’s new AirPods Pro 3, citing the product’s live translation feature as a major selling point.
In London, lines were notably longer than they were at last year’s launch of the iPhone 16, and customers appeared more interested in the premium offerings — the Pro and Pro Max models — this time around.
People lined up outside Apple’s Regent Street, London store on Sept. 19 to get their hands on the latest iPhone 17.
Arjun Kharpal | CNBC
“For the last five years, I’ve been in a pattern of constantly upgrading my phone, because every year Apple is bringing something new to the table,” one customer, Jasmine, said. “I just love having that experience of Apple every year.”
Meanwhile, Michael, who described himself as a content creator, said he was drawn by the battery and camera.
“I thought about going for the [iPhone] Air, but I just don’t know whether or not the battery is going to be able to hold up. And that single camera? I don’t know, it’s just a little bit off-putting on the back,” he said of Apple’s thin iPhone 17 offering.
Apple intelligence
A successful iPhone 17 launch could help reassure Apple investors after a somewhat underwhelming rollout of its artificial intelligence features, which began late last year.
Speaking to CNBC’s “Squawk Box Europe” last week, Ben Wood, chief analyst at CCS Insight, lauded Apple’s latest product launches but said the company now needed to deliver on artificial intelligence.
“There is no question that Apple needs to deliver on AI,” he said, noting that the company had “dropped the ball” last year by making big promises that failed to materialize.
“Apple has to catch up [in AI], but right now, I think they’ve got enough runway to be able to cope in the intervening period.”
– CNBC’s Eunice Yoon contributed to this report
Technology
Nvidia just spent over $900 million to hire Enfabrica CEO, license AI startup’s technology
Co-founder and chief executive officer of Nvidia Corp., Jensen Huang attends the 9th edition of the VivaTech trade show in Paris on June 11, 2025.
Chesnot | Getty Images Entertainment | Getty Images
Nvidia has just shelled out over $900 million to hire Enfabrica CEO Rochan Sankar and other employees at the artificial intelligence hardware startup, and to license the company’s technology, CNBC has learned.
In a deal reminiscent of recent AI talent acquisitions made by Meta and Google, Nvidia is paying cash and stock in the transaction, according to two people familiar with the arrangement. The deal closed last week, and Enfabrica CEO Rochan Sankar has joined Nvidia, said the people, who asked not to be named because the matter is private.
Nvidia has served as the backbone of the AI boom that began with the launch of OpenAI’s ChatGPT in late 2022. The company’s graphics processing units (GPUs), which are generally purchased in large clusters, power the training of large language models and allow for big cloud providers to offer AI services to clients.
Enfabrica, founded in 2019, says its technology can connect more than 100,000 GPUs together. It’s a solution that could help Nvidia offer integrated systems around its chips so clusters can effectively serve as a single computer.
A spokesperson for Nvidia declined to comment, and Enfabrica didn’t provide a comment for this story.
While Nvidia’s earlier AI chips like the A100 were single processors slotted into servers, its most recent products come in tall racks with 72 GPUs installed working together. That’s the kind of system inside the $4 billion data center in Wisconsin that Microsoft announced on Thursday.
Nvidia previously invested in Enfabrica as part of a $125 million Series B round in 2023 that was led by Atreides Management. The company didn’t disclose its valuation at the time, but said that it was a fivefold increase from its Series A funding.
Late last year, Enfabrica raised another $115 million from investors including Spark Capital, Arm, Samsung and Cisco. According to PitchBook, the post-money valuation was about $600 million.
Tech giants Meta, Google, Microsoft and Amazon have all poured money into hiring top AI talent through deals that resemble acquihires. The transactions allow the companies to bring in top engineers and researchers without worrying about the regulatory hassles that come with acquisitions.
The biggest such deal came in June, when Meta spent $14.3 billion on Scale AI founder Alexandr Wang and others and took a 49% stake in the AI startup. A month later, Google announced an agreement to bring in Varun Mohan, co-founder and CEO of artificial intelligence coding startup Windsurf, and other research and development employees in a $2.4 billion deal that also included licensing fees.
Last year, Google made a similar deal to bring in the founders of Character.AI. Microsoft did the same thing for Inflection, as did Amazon for Adept.
While Nvidia has been a big investor in AI technologies and infrastructure, it hasn’t been a significant acquirer. The company’s only billion-dollar-plus deal was for Israeli chip designer Mellanox, a $6.9 billion purchase announced in 2019. Much of Nvidia’s current Blackwell product lineup is enabled by networking technology that it acquired through that acquisition.
Nvidia tried to buy chip design company Arm, but that deal collapsed in 2022 due to regulatory pressure. In the past year, Nvidia closed a $700 million purchase of Run:ai, an Israeli company whose technology helps software makers optimize their infrastructure for AI.
On Thursday, Nvidia announced one of its most sizable investments to date. The chipmaker said it’s taken a $5 billion stake in Intel, and announced that the two companies will collaborate on AI processors. Nvidia also said this week that it invested close to $700 million in U.K. data center startup Nscale.
— Correction: A prior version of this story mistakenly included the name of a company as an investor in Enfabrica.
CrowdStrike logo is seen in this illustration taken July 29, 2024.
Dado Ruvic | Reuters
CrowdStrike shares popped about 13%, a day after the cybersecurity firm issued better-than-expected long-term guidance at its investor day.
The company on Wednesday said it expects net new annual recurring revenues to grow at least 20% in 2027, ahead of analysts’ expectations. CrowdStrike plans for ARR to hit $10 billion by 2031, and then double to $20 billion by 2036.
Earlier this week, the firm said it was buying AI security platform Pangea and announced a partnership with Salesforce.
“CrowdStrike is by far the most advanced security platform in the industry, and the plethora of AI-based solutions announced today will further separate CrowdStrike from the competition,” wrote Wells Fargo analyst Andrew Nowinski in a note following the event.
Some Wall Street firms also boosted their price targets.
Cybersecurity has taken center stage this year as businesses beef up security in the age of artificial intelligence. Many companies have harnessed AI tools to strengthen their offering as threats rise in sophistication.
This year’s biggest tech deals have included Google’s $32 billion acquisition of Israeli cybersecurity startup Wiz and Palo Alto Networks’ $25 billion CyberArk deal.
Cybersecurity firm Netskope hit the public market Thursday, while Thoma Bravo-backed SailPoint debuted earlier this year.
During its recent earnings report, CrowdStrike’s revenue guidance for the third quarter fell short of analysts’ expectations.
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment12 months agoHere are the best electric bikes you can buy at every price level in October 2024