Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Democrats in Congress are on The Joint Economic Commission says it has identified more than $20.9 billion in identity theft-related consumer losses linked to four major breaches involving data brokerage companies. The estimate was released Friday in a minority report stemming from a A months-long investigation into data broker practices Launched by US Senator Maggie Hassan.
Hassan, a New Hampshire Democrat and ranking member of the Joint Elections Committee, sent investigative requests to five major data brokers — Comscore, Findem, IQVIA Digital, Telesign and 6Sense Insights — in August following an investigation he conducted. Tags and CalMatterspublished by WIRED, I found that some data brokers were hiding opt-out tools from Google and other search engines using a “no index” instruction that tells web crawlers not to list the page.
Scammers appear to be using the type of sensitive data held by such companies — including identifiers like dates of birth, addresses, and even Social Security numbers — to target victims with personal fraud.
Four of the companies took steps after good communication to improve access to opt-out options, including by removing the “do not index” icon, adding more prominent links, and publishing guidance on exercising privacy rights.
But Vendim did not respond to Hasan or to follow up with the committee’s staff, and the staff said that the company had not removed the “do not index” icon from its page. WIRED’s calls to Findem were not returned Thursday.
Findem’s “failure to respond” to lawmakers’ inquiries raises “serious and broad questions about its response to opt-out requests and commitment to data privacy,” the report says, adding that its mandatory disclosures from 2024 show the company “did not address 80 percent of privacy requests from consumers and other parties,” citing “insufficient data.”
IQVIA, 6sense and Comscore did not immediately respond to requests for comment. Telesign directs press inquiries through an online form that requires reporters to agree to receive marketing communications, which was not used for this reason; Instead, the company email address that appeared in previously leaked breach data was tried.
The Markup/CalMatters investigation found that dozens of data brokers registered in California were using “no index” code and other dark patterns that made it difficult to find opt-out and deletion pages. “By doing so, companies made it more difficult for people to protect their information from fraudsters,” the JEC minority report says.
Comscore told the committee that it reviewed its website after receiving Hassan’s request and found that the Data Subject Rights page – which directs users to separate forms for submitting opt-out requests – contained a “no index” icon. The company said it traced the code, which it removed, to an earlier version of the page that was created in 2003. The report says the company was unable to determine why it was added, but noted that it “was not intended to prevent consumer access.”
Telesign confirmed that its opt-out form, hosted on its Privacy Request page, was not appearing in search results at the time of the Markup/CalMatters report; It attributed the issue to a third-party SEO tool that restricts visibility by default, and says it has now enabled indexing and added a footer link to the form.
JEC staff say Telesign’s approach still forces consumers to look beyond its main site, and even where links do exist, they are often buried on pages users wouldn’t reasonably think to check — including privacy notice pages that exceed 9,000 words.
6sense disputed that its main Privacy Center was hidden, but acknowledged that its Privacy Policy page — which links to opt-out tools — previously had a “no index” icon, adding that it removed the icon after the Markup/CalMatters report. The report says 6sense was the only company that reported using third-party audits to assess the visibility of opt-out options and whether requests were being processed successfully.