The 10 Most Dangerous Data Brokers You've Never Heard Of

When people think about data brokers, they think about people-search sites — Spokeo, WhitePages, BeenVerified. These sites are visible, annoying, and relatively easy to opt out of. But they're the shallow end of the pool. The data brokers that pose the greatest risk to your privacy are companies you've probably never heard of. They don't have consumer-facing websites. They sell to governments, insurance companies, law enforcement, and employers. And their data is used to make decisions about your life — what you pay for insurance, whether you get a job, and whether a government agency decides to investigate you.

Here are the 10 most consequential data brokers operating in 2026, ranked by the scope of data they collect, who they sell to, and the real-world impact on the people in their databases.

1. Babel Street

Babel Street is an analytics company that provides location data and identity resolution tools primarily to government agencies. Its flagship product, Locate X, uses data collected from smartphone apps to track the physical movements of individuals — without their knowledge or meaningful consent.

What they collect: Precise GPS location data harvested from mobile advertising exchanges. When an app on your phone requests location permission and shows ads, your GPS coordinates are often transmitted to ad networks. Babel Street aggregates this data to build movement histories for individual devices.

Who buys it: Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), the IRS Criminal Investigation division, the Secret Service, and the Defense Intelligence Agency. Babel Street has also sold to state and local law enforcement agencies.

Why it matters: Babel Street allows government agencies to track individuals' movements without obtaining a warrant. This end-run around Fourth Amendment protections has drawn criticism from civil liberties organizations and several members of Congress. In 2024, a bipartisan group of senators called for an investigation into federal agencies purchasing location data from commercial brokers.

2. Gravy Analytics / Venntel

Gravy Analytics collects location data from mobile apps and sells it through its subsidiary Venntel, which focuses specifically on government clients. The FTC took enforcement action against both companies in early 2025, finalizing an order that prohibited them from selling sensitive location data.

What they collect: GPS-level location data from over 1 billion mobile devices globally, derived from embedded SDKs and advertising bid stream data in thousands of popular apps.

Who buys it: CBP and ICE were the primary government purchasers. Venntel's data was used for immigration enforcement operations. Commercial clients included advertisers and hedge funds using foot traffic data.

FTC action: In January 2025, the FTC finalized its consent order against Gravy Analytics and Venntel, banning them from selling or licensing sensitive location data — defined as data revealing visits to healthcare facilities, religious organizations, domestic violence shelters, and similar locations. The order also required the companies to delete all previously collected sensitive location data. This was one of the FTC's most significant data broker enforcement actions.

3. Mobilewalla

Mobilewalla describes itself as a "consumer intelligence" company. In practice, it collects location and behavioral data from mobile devices and sells audience profiles to advertisers, political campaigns, and government contractors.

What they collect: Location data, app usage patterns, device identifiers, and demographic inferences for over 1.6 billion device profiles globally. Mobilewalla creates behavioral segments like "people who visited a specific store," "people who attended a protest," or "people who visited a health clinic."

Who buys it: Advertising agencies, political consultants, government contractors, and law enforcement agencies. In 2020, Mobilewalla was reported to be tracking participants in Black Lives Matter protests and selling the data to clients.

FTC action: The FTC filed a complaint against Mobilewalla in 2024, alleging the company collected and sold consumer location data without adequate consent. The proposed settlement would prohibit Mobilewalla from selling sensitive location data and require the company to establish a comprehensive privacy program.

4. LexisNexis Risk Solutions

LexisNexis Risk Solutions is a division of RELX Group and one of the largest data aggregators in the world. It's distinct from the LexisNexis legal research database — Risk Solutions focuses on identity verification, fraud detection, and risk assessment using massive databases of personal information.

What they collect: Court records, property records, vehicle registrations, voter data, insurance claims, employment history, professional licenses, social media profiles, and consumer credit-adjacent data. LexisNexis maintains files on virtually every American adult.

Who buys it: Insurance companies, banks, employers, landlords, law enforcement, and government agencies. LexisNexis has contracts with ICE worth over $16 million for identity verification and people-search tools. The company's data is also used by background check companies and skip-tracing services.

Why it matters: LexisNexis data directly affects your life outcomes. It influences insurance premiums (through CLUE reports), employment decisions (through background checks), and housing applications (through tenant screening). Unlike a people-search site that just lists your name and address, LexisNexis data is used to make decisions about you. You can request your LexisNexis consumer report and dispute inaccuracies, but fully opting out of LexisNexis's data collection is extremely difficult.

5. Acxiom (Liveramp)

Acxiom, now operating under the LiveRamp brand for its data connectivity business, is one of the oldest and largest consumer data brokers in the US. Founded in 1969, the company maintains detailed profiles on over 2.5 billion consumers worldwide.

What they collect: Purchase history, household income estimates, political affiliation, religious affiliation, health interests (including inferred medical conditions), vehicle ownership, magazine subscriptions, charitable donations, and thousands of other data points. Acxiom categorizes consumers into segments like "Midlife Success" or "Young Digerati" and sells these profiles to marketers.

Who buys it: Major brands, advertising agencies, political campaigns, financial services companies, and healthcare marketers. Acxiom is embedded in the advertising infrastructure of the internet — their identity graphs help advertisers match the same person across devices and platforms.

Why it matters: Acxiom's profiles are so detailed that they can infer sensitive attributes — like whether you're likely dealing with a medical condition, going through a divorce, or experiencing financial distress — based on purchasing patterns and behavioral data. This data is used for targeted advertising, but also for pricing optimization, insurance underwriting, and credit decisions. You can submit an opt-out request to Acxiom, but the process is slow and they may retain some data for suppression purposes.

6. Epsilon (Publicis Groupe)

Epsilon, acquired by Publicis Groupe for $4.4 billion in 2019, is a data-driven marketing company that maintains one of the largest commercial consumer databases in the world. Their CORE ID system links over 250 million US consumers to transaction, behavioral, and demographic data.

What they collect: Transaction-level purchase data from retail partnerships, online browsing behavior, email engagement metrics, loyalty program data, demographic profiles, and lifestyle indicators. Epsilon processes billions of consumer transactions annually and builds predictive models that estimate future purchasing behavior.

Who buys it: Large brands, financial services companies, automotive manufacturers, retailers, and political campaigns. Epsilon's data powers targeted advertising across email, direct mail, digital ads, and connected TV.

Why it matters: Epsilon's consumer database is so comprehensive that it was the target of a major data breach in 2011 that exposed customer data from dozens of major companies including Citibank, JPMorgan Chase, and Best Buy. The company has faced multiple class-action lawsuits and FTC scrutiny over its data collection practices. Because Epsilon operates primarily through B2B relationships, most consumers don't know their data is in Epsilon's systems at all.

7. Verisk Analytics

Verisk is a data analytics company that primarily serves the insurance industry. If you've ever wondered how insurance companies know so much about you when you apply for a policy, Verisk is a big part of the answer.

What they collect: Insurance claims history (through the CLUE database), property records, building permit data, replacement cost estimates, auto insurance scores, workers' compensation claims, health risk assessments, and natural disaster exposure data. Verisk maintains the industry's most comprehensive database of insurance loss history.

Who buys it: Insurance companies — property, casualty, auto, health, and life. Also used by mortgage lenders, real estate investors, and government agencies responsible for natural disaster preparedness.

Why it matters: Verisk's data directly determines your insurance premiums. Their CLUE (Comprehensive Loss Underwriting Exchange) database tracks every insurance claim you've ever filed, and insurers use it to price your coverage. A single claim from years ago can follow you to every insurance application for up to seven years. Verisk's data is also used for risk scoring that can affect whether you get coverage at all.

8. Oracle Data Cloud (Now Oracle Advertising)

Oracle's data division, rebranded as Oracle Advertising, operated one of the largest third-party data marketplaces in the world before Oracle announced plans to wind down its advertising business in 2024. However, Oracle's data assets — accumulated through acquisitions of BlueKai, Datalogix, AddThis, and Moat — remain vast, and portions continue to operate under different divisions.

What they collected: Web browsing history (through BlueKai's tracking cookies deployed on millions of websites), offline purchase data (through Datalogix's partnerships with grocery chains and retailers), social sharing behavior (through AddThis widgets embedded on 15 million websites), and ad viewability metrics (through Moat).

Who bought it: Advertisers, media agencies, political campaigns, and publishers. Oracle's Data Marketplace allowed buyers to purchase audience segments based on purchase history, browsing behavior, and demographic attributes. Oracle's ad tech was used by thousands of companies to target consumers.

Why it matters: Even as Oracle winds down its advertising business, the data it collected over a decade of acquisitions remains in its systems. Oracle faced a $115 million class-action settlement in 2022 over claims that BlueKai tracked consumers without consent. The company's data collection infrastructure — billions of tracking cookies and SDKs embedded across the web — created one of the most comprehensive surveillance systems in advertising history.

9. Kochava

Kochava is a mobile attribution and analytics company that the FTC pursued for selling precise geolocation data that could be used to track individuals visiting sensitive locations.

What they collect: Precise GPS location data from mobile devices through SDKs embedded in popular apps. Kochava collects device-level location data with timestamps, allowing buyers to reconstruct a device's movement history — where you went, when you were there, and how long you stayed.

Who buys it: Advertisers, app developers, and — critically — anyone willing to pay for the data through Kochava's data marketplace. The FTC alleged that Kochava sold geolocation data that could be used to identify people visiting reproductive health clinics, addiction recovery centers, and places of worship.

FTC action: The FTC filed suit against Kochava in August 2022. After initial legal challenges, the FTC and Kochava reached a settlement in 2024 requiring the company to stop selling sensitive location data, implement geofencing around sensitive locations, and establish a comprehensive privacy program. The case set an important precedent for FTC enforcement against location data brokers.

10. Thomson Reuters / CLEAR

Thomson Reuters operates CLEAR, a powerful investigative platform used by law enforcement, government agencies, and corporate investigators. CLEAR aggregates data from hundreds of sources to create detailed dossiers on individuals.

What they collect: Criminal records, civil court filings, property records, business registrations, professional licenses, utility connections, vehicle registrations, social media profiles, and address history. CLEAR also incorporates real-time data feeds including arrest records and booking photos.

Who buys it: Law enforcement agencies at the federal, state, and local levels. Government investigators. Corporate security departments. Insurance investigators. Legal professionals. CLEAR is one of the most widely used investigative tools in US law enforcement.

Why it matters: CLEAR gives law enforcement and corporate investigators access to a comprehensive profile of your life — without a warrant, subpoena, or any legal process. The data is commercially available to anyone with a CLEAR subscription. Unlike NCIC or other law enforcement databases that have legal restrictions on access, CLEAR operates as a commercial product with no Fourth Amendment constraints.

Summary Table

How to Limit Your Exposure

The honest truth is that fully opting out of all ten of these companies ranges from difficult to impossible. Several of them — Babel Street, Venntel, Verisk — have no public-facing opt-out process at all. But there are concrete steps that reduce your exposure:

1. Audit your phone's app permissions. The single most impactful thing you can do. Revoke location access for any app that doesn't genuinely need it. Turn off "precise location" when you can use approximate location instead. This cuts off the data supply to location brokers like Gravy Analytics, Mobilewalla, and Kochava.
2. Opt out of advertising identifiers. On iOS, go to Settings > Privacy > Tracking and disable "Allow Apps to Request to Track." On Android, go to Settings > Privacy > Ads and delete your advertising ID. This makes it harder for brokers to link your data across apps.
3. Submit opt-out requests to brokers that accept them. Acxiom, LexisNexis, Epsilon, and Oracle all have consumer opt-out processes — though they're slow and limited. Start with the ones that directly affect your insurance, employment, and credit.
4. Remove your data from people-search sites. People-search sites like Spokeo and BeenVerified feed data upstream to enterprise brokers. Removing your listings from consumer-facing sites reduces the data available to the companies on this list. A service like GhostVault automates this across 500+ sites for $3.99/month.
5. Use privacy-focused tools. A VPN prevents IP-based tracking. Privacy-focused browsers like Firefox and Brave block third-party cookies and trackers. A privacy-focused email relay (like Apple's Hide My Email or SimpleLogin) prevents email-based identity linking.
6. Request your consumer reports. Under FCRA, you can request your LexisNexis consumer report, your Verisk CLUE report, and your ChexSystems report for free once a year. Review them for inaccuracies and dispute anything incorrect — these reports directly affect your insurance, banking, and employment.

Frequently Asked Questions

Which data brokers sell data to the US government?

Several brokers on this list have documented government contracts. Babel Street sells location data and identity tools to ICE, CBP, the IRS Criminal Investigation division, and the Defense Intelligence Agency. Venntel (a Gravy Analytics subsidiary) sold phone location data to CBP and ICE until the FTC banned the practice. LexisNexis Risk Solutions has contracts with ICE worth over $16 million for identity verification. Thomson Reuters' CLEAR platform is used by law enforcement at all levels. These sales allow government agencies to access data that would typically require a warrant if obtained through direct surveillance.

Has the FTC taken action against data brokers?

Yes, the FTC has pursued several significant enforcement actions. In early 2025, the FTC finalized its order against Gravy Analytics and Venntel, banning them from selling sensitive location data. In 2024, the FTC reached a settlement with Kochava over the sale of geolocation data that could track visits to sensitive locations. The FTC also took action against Mobilewalla for selling consumer location data without consent, and against InMarket Media for similar practices. These cases have established important precedents, but they remain the exception — most data brokers have faced no regulatory consequences.

Can I opt out of data brokers that sell to the government?

It varies by broker. Acxiom, LexisNexis, and Epsilon offer consumer opt-out processes, though they are often slow, incomplete, and difficult to navigate. Babel Street, Venntel, and Verisk have no public consumer opt-out mechanism. The most effective strategy is reducing data collection at the source — auditing app permissions, disabling advertising identifiers, and limiting the personal information you share online. Removing your data from consumer-facing people-search sites also helps, since those sites feed data upstream to enterprise brokers.

What kind of data do enterprise data brokers collect?

Far more than names and addresses. Location brokers like Gravy Analytics and Mobilewalla collect precise GPS coordinates from phone apps, allowing them to track which buildings you visit. Consumer profile brokers like Acxiom and Epsilon build profiles with thousands of data points — purchase history, inferred health conditions, political leanings, financial status, and lifestyle indicators. LexisNexis aggregates court records, employment history, and insurance claims. Verisk tracks every insurance claim you've ever filed. Thomson Reuters' CLEAR combines criminal records, property data, and social media profiles into investigative dossiers.

Are data brokers legal?

In the United States, data brokerage is legal in most contexts. There is no comprehensive federal data privacy law that prohibits the collection and sale of personal data. Some states — notably California, Vermont, Texas, and Oregon — require data brokers to register and provide consumers with opt-out rights. The FTC has enforcement authority over deceptive or unfair practices, which is how it has pursued cases against brokers that misrepresented their data handling. But the core business model — collecting personal information from public and commercial sources and selling it to interested buyers — remains legal throughout most of the country.