Congress just dropped a report that should make your blood boil: data brokers have cost Americans over $20 billion in identity theft losses from just four major breaches in the last decade. Yeah, you read that right. Billions. And most of us had no idea these companies were even collecting our information in the first place.

Data brokers are basically the middlemen of the digital world. They vacuum up your personal information from public records, online activity tracking, and everywhere else they can get their hands on it, then turn around and sell it to marketing companies and other businesses. The wild part? Many of these brokers operate in the shadows while holding incredibly sensitive data on hundreds of millions of people.

The congressional investigation, led by Senator Maggie Hassan, was actually triggered by some solid investigative journalism that exposed how data brokers were deliberately hiding their opt-out pages from search engines. They were using something called “no-index” code, which basically tells Google and other search engines not to show these pages in results. It’s a sneaky way of making it nearly impossible for regular people to control what happens with their data.

Here’s where it gets interesting: after the reporting went public and Senator Hassan started asking questions, most of the major brokers actually changed their practices. They removed the hidden code, made their opt-out pages easier to find, and started being more transparent about how consumers could protect themselves. Only one broker, Findem, refused to play ball.

The numbers Congress came up with are staggering. They looked at four specific breaches: the 2017 Equifax disaster that exposed 147 million people, an Exactis breach in 2018 affecting 230 million, a National Public breach in 2023 hitting 270 million, and a 2025 TransUnion breach impacting 4 million. Using estimates of how many people actually fall victim to identity theft after breaches and the typical cost per incident (around $200), they calculated nearly $21 billion in losses.

The report makes it clear that we need real action to fix this broken system. It’s calling for better oversight of the data broker industry and easier access to opt-out options. Because honestly, if you have to practically be a tech wizard just to find where to remove your data, that’s not actually giving people control, that’s just theater.

California residents actually have a tool available now: a state website that lets you remove your information from hundreds of brokers at once. It’s not perfect, but it’s a start. The bottom line is this: your data has serious value, and companies have been profiting off it while leaving you vulnerable to theft and fraud. It’s time we demand actual accountability.