Podcast 23 mins
Better Being Series: Understanding Burnout in the WorkplaceWho’s Got Hold of Your Personal Information? Data Brokers Are Big Business
Data brokers are companies that collect and sell personally identifiable information to third parties. This industry has become a multibillion-dollar industry, but it also presents risks to individuals and businesses whose personal information may be used for nefarious purposes.
Key Takeaways
-
Data brokers gather information — often sourced from commercial databases or from the open web — and sell or license that information to third parties for a fee.
-
The use of PII by data brokers can range from commonplace to controversial, and can also be exploited by cyber criminals for malicious purposes.
-
Individuals and businesses should regularly assess and manage their personal information online, including utilizing opt-out options, to protect against data brokering and potential abuse.
Overview
The internet has made collecting and selling personal data easier than ever, and personally identifiable information (PII) is particularly valuable to one growing industry: data brokers.
Data brokers are businesses that gather information — often sourced from commercial databases or from the open web — and sell or license that information to third parties for a fee. This data can come from public records, consumer marketing lists and social media. Data brokering has become a multi-billion dollar industry, and these businesses use personal information in ways that range from the commonplace to the controversial.
“The primary focus of these sites is to collect information such as dates of birth, home addresses, personal contact details, emails and names of relatives,” says Catarina Kim, managing director of the Intelligence Group in Aon’s Cyber Solutions. “They have dual use purposes. On the surface, a user can buy a report on the site to vet the background of a person. However, this data can also be used by bad actors to conduct social engineering, account takeovers or target members of the public.”
There are also other, more nefarious data brokers. These threat actors typically operate on the dark web and traffic data that have been stolen or exfiltrated through third-party data breaches.
For business leaders or other high-net-worth individuals, either type of data brokering activity can present a very real risk if their personal information is used by individuals who might want to target them or their families for harassment, fraud or criminal activities.
The primary focus of these sites is to collect information such as dates of birth, home addresses, personal contact details, emails and names of relatives.
In Depth
The amount of personal information available on the open web is vast and often highly accessible, especially in the United States. A simple search can provide such details as an individual’s associated telephone number, email address, mother’s maiden name and other data that can used for phishing, answering password reset questions and even engaging in more sophisticated attacks to defeat two-factor authentication on bank accounts. Vehicle license plate numbers and information about the make and model of an executive’s car might also be readily available.
“People are often unaware of how much PII is available about them online. Cyber criminals can complement what’s accessible for free on the open web by leveraging data found on the dark web, including compromised passwords for email addresses that were breached through third party sites such as a food delivery service or online marketplace,” says Dennis Lawrence, a senior consultant in the Intelligence Group at Aon’s Cyber Solutions. “This is particularly relevant since many people reuse old passwords or use slight variations of them.”
“Those are all things that could be used and leveraged in a very strategic way by certain people if they got into the wrong hands, especially if it is information about a senior executive or a high-net-worth individual,” says Kim. “It can be used to access their email accounts, extort them, impersonate them and to commit fraud.”
Identifying and Controlling Data Vulnerability
Determining what information might be available about executives or other prominent individuals is an important process and one that must be repeated regularly.
“On the open web, the companies that sell this information are legitimate businesses. This is not obviously stolen data, these are data sets that they are buying from other companies that have collected this information,” says Kim. “If the sites refresh their data in six months, information gets repopulated even after an opt-out request has been submitted. So it’s not necessarily a one-and-done.” As a result, it’s best to take a proactive approach to managing personal information online. Individuals can begin with a vulnerability assessment to examine their digital footprint, using open, deep and dark web sources to identify areas of risk.
“Anything that’s publicly accessible, anything that we can glean from social media, anything that we can glean from the dark web, those are the first things people should consider reviewing,” says Kim. When possible, individuals can opt out from having their information sold, or, in some cases, records can simply be removed from websites.
If individuals choose to keep posting on social media, they should understand the privacy settings they can apply to their activities. “There are ways that you can lock down your profile so you can still share information without providing access to people outside your circle,” Kim says, noting the benefits of “proactive monitoring.” This entails constantly scanning the open and dark web for information on individuals that might be leveraged against them.
As Information Moves, Risks Increase
A lawsuit filed earlier this year by a data broker against one of its customers speaks to some of the risks associated with information as it changes hands.
While there aren’t widespread laws governing data brokers’ activities, some U.S. states like California require databrokers to register with the state’s attorney general. The California Consumer Privacy Act also gives residents of the state some rights and protections concerning their personal information. “It’s very specific to California residents,” says Kim. “I don’t foresee that happening uniformly across the United States.”
Other regions have specific legislation in place to protect individuals from data exposure risks. In Europe, the EU has pursued data brokers accused of violating the General Data Protection Regulation (GDPR).
Managing the Power of Personal Data
Personal information about executives or high-net-worth individuals that falls into the wrong hands becomes a powerful risk. Once sensitive data has made its way to the internet, it may be too late to control potential damage. However, by understanding the sorts of information being collected and shared by data brokers and taking steps to limit the amount of data available, individuals can better protect their personal information online.
“Clients will often come to us once an event has happened,” says Lawrence. “But the best way to think about this is that you can help avoid a lot of heartache and violation of privacy if you take action before that potential event occurs down the road.”
General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Aon Insights Series Asia
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series Pacific
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series UK
Expert Views on Today's Risk Capital and Human Capital Issues
Construction and Infrastructure
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Insights for HR
Explore our hand-picked insights for human resources professionals.
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Pay Transparency and Equity
Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Property Risk Management
Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
More Like This
-
Article 8 mins
U.S. Rail Sectors Work to Mitigate Capacity and Pricing Risk Issues
U.S. freight and commuter rail industries are facing excess liability and property issues for different reasons. These railroads are critical to infrastructure and vital to the economy, yet finding effective solutions remains complex.
-
Article 11 mins
D&O Risks and Considerations for Businesses Planning an IPO
As private companies prepare for an IPO, they face increased risks that require directors and key leaders to adopt essential risk management strategies to ensure a smooth transition.
-
Article 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency Funding
As climate change intensifies the frequency and severity of extreme weather events, public entities and businesses need more flexible funding solutions. Parametric stands out as an adaptable resource capable of swiftly responding to potential disasters.