The data broker industry operates in a shadowy world, often with little transparency or accountability. This lack of oversight has led to a series of scandals and breaches that have exposed the vulnerability of personal information and the potential for misuse. These incidents highlight the need for greater awareness and stronger data protection measures.
Gravy Analytics Breach (2025):
One of the most recent and significant breaches involved Gravy Analytics, a location data broker that tracks over a billion devices daily. Hackers gained access to the company’s Amazon Web Services (AWS) cloud storage environment using a “misappropriated key,” potentially exposing the precise location information of millions of individuals. This breach raised serious privacy concerns, especially for vulnerable groups who could be identified and targeted based on their location data. The stolen data included precise latitude and longitude coordinates of the phone and the time at which the phone was there. Some even indicate what country the data has been collected from.
Other Notable Breaches:
- Exactis (2018): This data broker exposed nearly 340 million people’s information to the public internet through an unsecure server.
- Apollo (2018): This data broker was hacked, exposing billions of data points on people, including email addresses.
- LimeLeads (2019): This data broker failed to set up a password for its internal server, allowing anyone to access data on 49 million people.
- Social Data (2020): This data broker exposed nearly 235 million social media profiles on a server with no password or authentication.
These breaches demonstrate that data brokers are not always adequately protecting the sensitive information they collect. This puts individuals at risk of identity theft, discrimination, and other harms.
FTC Crackdown:
The Federal Trade Commission (FTC) has taken action against data brokers for deceptive practices and violations of privacy laws. In December 2024, the FTC banned Gravy Analytics and its subsidiary Venntel from collecting and selling Americans’ location data without consent. The FTC accused the company of unlawfully tracking millions of people to sensitive locations, like healthcare clinics and military bases.
The Need for Change:
These scandals and breaches highlight the need for stronger regulations and greater transparency in the data broker industry. Consumers need more control over their personal information and how it is collected, used, and shared.
