.webp)
If you have ever signed up for an online account, filed a public record, or used a loyalty program, there is a good chance your name, home address, phone number, and email are listed on websites you have never heard of. Data brokers collect that kind of information from public records, loyalty programs, apps, and old accounts, then package it and sell it to advertisers, background check companies, and sometimes criminals. A free PII exposure scan in 2026 can show you exactly which sites have your data.
A 2026 congressional investigation found that breaches at just four major data brokers cost American consumers over $20 billion in identity theft losses. Some market estimates project the global data broker industry could exceed $500 billion within the next decade, and most of it runs on information people never agreed to share.
So, how do you find out who is selling your information? And what can you actually do about it? Below is a simple, step-by-step guide to running your own PII exposure audit and taking back control of your personal data.
What a Data Broker Actually Is
A data broker is a company that collects personal information about people it has no direct relationship with, then sells or licenses that data to third parties. Data brokers pull from public records, online activity, purchase histories, and other brokers to build profiles on hundreds of millions of Americans. Most people have never heard of companies trading their information.
A Real-World Example of What Data Brokers Sell
In January 2026, California's privacy regulator (CalPrivacy) fined a Texas-based data broker called Datamasters $45,000 and banned it from selling Californians' personal information. According to CalPrivacy's enforcement order, Datamasters had been buying and reselling the names, addresses, phone numbers, and email addresses of millions of people with Alzheimer's disease, drug addiction, and bladder incontinence for targeted advertising. The company's database included over 231 million individual names and addresses across 114 million U.S. households. Datamasters also sold lists based on age, perceived race, political views, grocery purchases, and banking activity.
CalPrivacy's head of enforcement, Michael Macko, said in the official announcement: "Reselling lists of people battling Alzheimer's disease is a recipe for trouble. In the wrong hands, these lists could be used to target people for more than just advertising."
If you are wondering who is selling my information, the Datamasters case shows that the answer may include companies you have never heard of, selling data you never knew they had.
Step 1: Run a Free Data Broker Scan
The fastest way to check what data brokers know about you is to use a free scanning tool. Several services let you type in your name and see which people-search sites already have a profile on you.
What a Free Scan Actually Shows You
A free PII exposure scan typically checks 10 to 200+ data broker sites and returns a list of where your personal information appears. Most scans look for:
- Your full name and known aliases
- Home addresses (current and past)
- Phone numbers and email addresses
- Names of family members and associates
- Age, date of birth, and employer
You do not need to pay anything to get a basic snapshot of your exposure. A free tool to check what data brokers have on me will usually show which sites have your profile, even if it does not show every data point those sites hold.
Where to Start
Google your own full name plus your city and state. Open the first page of results and look for sites like Spokeo, Whitepages, TruePeopleSearch, BeenVerified, and Radaris. If your name, address, or phone number appears on any of these, data brokers likely have your information and may be selling it.
For a faster approach, use a dedicated scanner that checks multiple broker sites at once. Cloaked, for example, offers a free safety scan that searches across 300+ data broker and people-search sites in minutes.
Step 2: Search Yourself on People-Search Sites Manually
Automated scans catch a lot, but a manual search fills in the gaps. People-search sites are some of the biggest sources of exposed personal data, and anyone can look you up for a few dollars.
The Sites That Matter Most
Focus on these first. Together, these sites attract millions of monthly visits in the U.S.:
- Whitepages
- TruePeopleSearch
- Spokeo
- BeenVerified
- Radaris
- FastPeopleSearch
- PeekYou
Search your name on each one. If a profile comes up, that site is actively displaying (and often selling) your personal details to anyone who searches for you. Knowing how to scan if my data is on people-search sites is as simple as typing your name into each site's search bar.
What to Do When You Find Yourself Listed
Most people-search sites are required under state privacy laws to offer some form of opt-out process. Look for a "Do Not Sell My Info" or "Remove My Listing" link, usually buried in the footer. The catch? Each site has its own process. Some require an email, some want a photo ID, and some make you fax a form. Multiply that by dozens of sites, and you are looking at hours of work.
Step 3: Check Data Broker Registries
Several U.S. states now require data brokers to register publicly. Checking these registries can help you answer the question of how to find out who is selling my data on a larger scale.
State Registries Worth Checking
- California: The California Privacy Protection Agency maintains a public list of 500+ registered data brokers. California residents can also use the new DELETE Act's DROP platform, which launched in January 2026, to submit a single deletion request that reaches every registered broker in the state.
- Vermont: Vermont's data broker registry has been public since 2019 and lists companies that buy and sell personal data.
- Texas and Oregon: Both states passed data broker registration laws in 2023, adding more transparency.
These registries will not tell you exactly what a specific broker has on you. But they show you the companies that are in the business of trading your information.
Step 4: Check for Your Data in Known Breaches
Data breaches are one of the biggest pipelines feeding your personal information to bad actors. Checking if your email or phone number has been compromised in a breach tells you where your data may have leaked.
Free Breach-Check Tools
The most widely used free tool is Have I Been Pwned (haveibeenpwned.com). Enter your email address, and you will see a list of every known breach that included it. For each breach, the tool shows what was exposed, such as passwords, phone numbers, or physical addresses.
If your email shows up in multiple breaches, that information may have spread to data brokers, spam lists, and possibly the dark web. Pairing breach monitoring with dark web and SSN monitoring gives you a much fuller picture of your exposure.
Step 5: Submit Opt-Out and Deletion Requests
Once you know where your data lives, the next step is getting it removed.
The Manual Route
Visit each data broker or people-search site and go through the opt-out process. On average, each site takes 10 to 20 minutes. With hundreds of brokers out there, doing this yourself could take weeks. And many brokers re-add your information within 3 to 6 months from public records updates, so one-time removal is not enough.
The Automated Route
Automated data removal services handle opt-out requests on your behalf and continue monitoring for re-listings. Instead of spending hundreds of hours on manual requests, you sign up once and let the service do the ongoing work.
Step 6: Prevent Future Exposure
Removing your data once is a start, not a finish. Data brokers repopulate their databases constantly. The structural fix is reducing the amount of real personal information you put out there going forward.
Use Unique Aliases for Every Account
When you sign up for a new service with your real email and phone number, that information can eventually end up on broker sites. Using unique email and phone aliases for each account means a breach at one service cannot be linked back to your real identity or your other accounts.
Lock Down Your Phone Number
Your phone number may be tied to banking, email resets, and two-factor authentication. If it shows up on data broker sites, it could become a target for SIM swap attacks and spam calls. A masked phone number keeps your real line private while still letting you receive calls and texts.
Limit What You Share
Before filling out a form, signing up for a loyalty program, or downloading a new app, ask yourself: Does this company need my real information? In most cases, the answer is no.
How Cloaked Helps You Take Back Control
Cloaked was built to solve this problem end-to-end. Cloaked removes personal data from over 300+ people-search sites and data brokers, then keeps monitoring for re-listings so your information stays off the market.
Going forward, Cloaked lets you generate unique email addresses and phone numbers for every account with a single click. Each alias has its own inbox, and if one gets compromised, you burn it and create a new one. Pair that with Dark Web & SSN Monitoring and $1M in identity theft insurance, and you have a layered defense that stops data brokers at the source instead of chasing them after the fact.
Run your free safety scan now and see who already has your data. Have questions? Get in touch with the Cloaked team.
FAQs
How do I find out who is selling my personal data?
Start by Googling your name plus your city on people-search sites like Spokeo, Whitepages, and BeenVerified. If your profile appears, those sites are selling or displaying your information. You can also check state data broker registries in California, Vermont, Texas, and Oregon to see which companies are registered to buy and sell consumer data.
Is there a free tool to check what data brokers have on me?
Yes. Several services offer free scans that check your name across dozens or hundreds of data broker sites. These scans show where your personal information is listed and what types of data are exposed. Cloaked offers a free safety scan across 300+ data brokers as a starting point.
Can I remove my information from data brokers permanently?
You can submit opt-out requests to each data broker individually, and under most state privacy laws, they are expected to process them. The problem is that brokers often re-add your data within a few months of updated public records. Ongoing monitoring and repeated removal requests are needed to keep your data off these sites long term.
What information do data brokers actually collect about me?
Data brokers typically collect your name, home address, phone number, email, age, employer, and names of relatives. Some may also hold financial data, purchase history, browsing behavior, health-related searches, and political affiliations. Any of that can be packaged into a profile and sold to marketers, insurers, or background check companies.
What is the California DROP platform, and how does it help?
DROP stands for Delete Request and Opt-Out Platform. Launched in January 2026 under California's Delete Act, DROP lets California residents submit a single deletion request that applies to every registered data broker in the state. Brokers must begin processing these requests starting August 2026 and continue deleting them every 45 days after that.
How do data brokers get my information in the first place?
Data brokers pull from public records like voter registrations, property records, and court filings. On top of that, they buy data from apps, loyalty programs, retailers, and other brokers. Your online activity, including browsing cookies, social media profiles, and app usage, also feeds into their databases. Most of this happens without your direct knowledge or consent.
.webp)
