A recent Congressional report reveals that lax data broker practices have contributed to an estimated $20.9 billion in consumer losses due to identity theft. The findings, released by Democrats on the Joint Economic Committee (JEC), stem from an investigation into how companies collect, store, and protect sensitive personal information.
The Hidden Obstacles to Privacy
The inquiry began after a joint investigation by The Markup and CalMatters exposed how several data brokers were actively concealing opt-out tools from search engines using “no index” directives. This tactic effectively made it harder for individuals to remove their data from these firms’ records, leaving them vulnerable to scams.
Scammers exploit the granular personal details held by these companies—including dates of birth, addresses, and even Social Security numbers—to execute targeted fraud. The report highlights how this facilitates sophisticated identity theft schemes.
Company Responses and One Notable Holdout
Following Senator Maggie Hassan’s investigative requests, four of the five companies examined—Comscore, IQVIA Digital, Telesign, and 6Sense Insights—have taken steps to improve accessibility to opt-out options. These included removing the “no index” code, adding more visible links, and posting clearer privacy guidance.
However, Findem did not respond to either Hassan’s office or repeated inquiries from committee staff. The company still employs the “no index” code on its opt-out page, and internal data shows it failed to process 80% of privacy requests in 2024, citing “insufficient data.”
The Scale of the Problem
The JEC report analyzed data breaches from the past decade—including incidents at Equifax (2017), Exactis (2018), National Public Data (2023), and TransUnion (2025)—to estimate the total financial harm. The study suggests that roughly 30% of breach victims experience identity theft, with 58–69% incurring financial losses.
The median loss per victim is around $200, but the report emphasizes that these figures can be significantly higher, as demonstrated by class-action settlements like the 2017 Equifax case, where some claimants received up to $20,000 in damages.
The Bigger Picture
This report underscores a growing problem: the proliferation of data brokers and their often-opaque privacy practices. These companies compile vast amounts of personal data, which can then be exploited by malicious actors. While some firms have shown willingness to improve access to opt-out tools, others remain unresponsive or actively obstruct consumers from protecting their information.
The findings suggest that regulatory pressure and public scrutiny are essential for holding these firms accountable. Senator Hassan stated that the investigation proves that “public pressure can prompt companies to improve access to privacy tools.” This situation calls for stricter oversight and greater transparency in the data brokerage industry to mitigate the escalating threat of identity theft.
