Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
from Colin LetcherCalMatters
![""]("https://i0.wp.com/calmatters.org/wp-content/uploads/2026/02/031425_Maggie-Hassan_AP_CM_01.jpg?fit=1200%2C800&ssl=1")
This story was originally published by CalMatters. Sign up for their newsletters.
Data broker breaches have cost US consumers more than $20 billion, The Joint Economic Committee of Congress revealed Friday as part of an investigation launched by The Markup and CalMatters.
The expected losses stem from identity theft linked to just four recent data breaches involving major brokerages, the committee said in a report.
Released by the committee’s Democratic minority, the document repeatedly cites data broker reporting by The Markup and CalMatters, done in collaboration with WIRED.
The commission followed up directly on the Markup and CalMatters reports, which in August showed how data brokers hide from legally required search engine pages where California residents can ask brokers to delete or stop selling their data.
Shortly after this story was published, New Hampshire Democratic Sen. Maggie Hassan, a ranking member of the committee, send a letter pressuring some brokers to explain their practices. In response, the report revealed that four major data brokers have engaged with congressional officials and changed their practices to make it easier for users to control the use of their data.
Data brokers and the no-index label.
Data brokers as defined in California law that require brokers to provide users with so-called opt-out pages are companies that collect data about users, then sell that data to other companies that have no direct relationship with users. Typically, companies buy such information from data brokers for marketing purposes.
Brokers can collect the data from information such as public records or more invasive methods such as tracking online activity. Although brokers hold potentially sensitive consumer information, many Americans don’t know they exist.
Under California law, data brokers who reach a certain size are required to register and provide a clear way for consumers to request that their information be removed, not sold, or accessed. But an August story by The Markup and CalMatters explored how several data brokers used a code called a “no-index” tag on pages where users could exercise their right to opt out.
The tag is used to tell search engines not to index the page, meaning that the information may not be returned in search results. The story notes that this creates a barrier for consumers who want to block brokers from using their data. Many of the data brokers quickly removed the tag after the story was published.
In response to this initial report, Hassan independently contacted five major brokersasking for more information about their practices. Only one registered broker, called Findem, refused to engage with staff or change its practices, the report said.
“Following the requests of Ranking Member Hassan, most companies have taken actions to make their opt-out and other privacy pages more visible to people, including by removing the ‘no index’ code, adding opt-out links in more prominent places, and publishing blog content that explains how users can exercise their privacy rights,” the report said. “Ranking Member Hassan welcomes these actions as support for better protecting consumers against fraud and other harm.”
Billions lost
The report goes on to estimate the potential losses incurred by consumers due to recent data broker breaches at $20.8 billion.
Congressional staff found that hundreds of millions of people were exposed to just four major data broker breaches in the past 10 years. The breaches counted are the 2017 Equifax incident affecting 147 million people, as well as others including Exactis in 2018, 230 million people, National Public in 2023, 270 million people, and TransUnion in 2025, 4 million people.
Using estimates of the number of people who experienced identity theft following breaches, as well as an assumed average loss of $200 from theft, the report arrived at a figure of nearly $21 billion.
The report calls for action to prevent similar losses in the future, including by filling gaps revealed by The Markup and CalMatters reports on brokers.
“The Committee’s findings highlight the need for clear, easy access to opt-out options and stronger oversight of the data broker industry. Especially given the Committee’s estimate that US residents have lost more than $20 billion in recent data breaches, additional action is needed to protect Americans from data broker fraud,” the report said. “At a minimum, opt-out options should be easy to find and use.”
A new state website allows California residents to remove their personal information from hundreds of brokers at once. Markup and CalMatters have a guide to using the website here.
This article was originally published on CalMatters and is republished under Creative Commons Attribution-NonCommercial-No Derivatives license.