Congressional Report Links $20.9 Billion in Consumer Losses to Data Broker Breaches
A recent minority report from the U.S. Joint Economic Committee (JEC) estimates that over $20.9 billion in consumer losses are tied to identity theft stemming from four major data breaches involving data broker firms. The findings, released on Friday, stem from a months-long inquiry led by Senator Maggie Hassan (D-NH), the JEC’s ranking member, into the practices of five major data brokers: Comscore, Findem, IQVIA Digital, Telesign, and 6Sense Insights.
The investigation was prompted by a 2023 report from The Markup and CalMatters, co-published by WIRED, which revealed that some data brokers were hiding opt-out tools from search engines using "no index" instructions a tactic that prevents web crawlers from listing privacy-related pages. Scammers exploit the sensitive data these companies collect including dates of birth, addresses, and Social Security numbers to execute personalized fraud schemes.
Following Hassan’s August 2023 outreach, four of the five companies took steps to improve opt-out accessibility:
- Comscore removed a "no index" tag from its "Data Subject Rights" page, which it traced back to a 2003 version of the site, though it could not explain why the code was originally added.
- Telesign enabled indexing for its opt-out form and added a footer link after attributing the issue to a third-party SEO tool that restricted visibility by default.
- 6Sense removed "no index" code from its privacy policy page and became the only company to report third-party audits assessing both opt-out visibility and request processing.
- IQVIA Digital did not respond to requests for comment.
Findem, however, failed to respond to Hassan’s inquiries or follow-up from committee staff. The report highlights the company’s "serious lack of responsiveness", noting that its 2024 mandatory disclosures revealed it did not process 80% of privacy requests, citing "insufficient data." The company also retained the "no index" code on its opt-out page, and WIRED’s attempts to contact Findem went unanswered.
The JEC report also criticizes broader industry practices, citing the Markup/CalMatters investigation, which found that dozens of California-registered data brokers used "no index" codes and other "dark patterns" to obscure opt-out and deletion tools. Even when links were available, they were often buried in lengthy privacy notices Telesign’s, for example, exceeded 9,000 words making them difficult for consumers to locate.
The findings underscore the financial and operational risks posed by data brokers’ handling of sensitive information, as well as the gaps in transparency and compliance within the industry.
Source: https://www.wired.com/story/data-broker-breaches-fueled-dollar209-billion-in-identity-theft-losses/
IQVIA Digital cybersecurity rating report: https://www.rankiteo.com/company/iqvia-digital
Comscore, Inc. cybersecurity rating report: https://www.rankiteo.com/company/comscore
6sense cybersecurity rating report: https://www.rankiteo.com/company/6sense
Telesign cybersecurity rating report: https://www.rankiteo.com/company/telesign
Findem cybersecurity rating report: https://www.rankiteo.com/company/findeminc
"id": "IQVCOM6SETELFIN1772188194",
"linkid": "iqvia-digital, comscore, 6sense, telesign, findeminc",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Data Analytics',
'name': 'Comscore',
'type': 'Data Broker'},
{'industry': 'Data Analytics',
'name': 'Findem',
'type': 'Data Broker'},
{'industry': 'Healthcare Data Analytics',
'name': 'IQVIA Digital',
'type': 'Data Broker'},
{'industry': 'Identity Verification',
'name': 'Telesign',
'type': 'Data Broker'},
{'industry': 'B2B Data Analytics',
'name': '6Sense Insights',
'type': 'Data Broker'}],
'attack_vector': 'Exploitation of sensitive data collected by data brokers',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Dates of birth',
'Addresses',
'Social Security numbers',
'Personally identifiable '
'information']},
'date_publicly_disclosed': '2024-07-12',
'description': 'A minority report from the U.S. Joint Economic Committee '
'(JEC) estimates over $20.9 billion in consumer losses tied to '
'identity theft stemming from four major data breaches '
'involving data broker firms. The investigation, led by '
'Senator Maggie Hassan, examined practices of five major data '
'brokers: Comscore, Findem, IQVIA Digital, Telesign, and '
'6Sense Insights. The breaches involved exploitation of '
'sensitive data such as dates of birth, addresses, and Social '
'Security numbers for personalized fraud schemes.',
'impact': {'brand_reputation_impact': 'Negative impact due to lack of '
'transparency and compliance',
'data_compromised': 'Dates of birth, addresses, Social Security '
'numbers, personally identifiable information',
'financial_loss': '$20.9 billion in consumer losses',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'lessons_learned': "Data brokers' lack of transparency and compliance poses "
'significant financial and operational risks. Obscured '
'opt-out tools and dark patterns exacerbate identity theft '
'risks.',
'motivation': 'Financial gain through identity theft and fraud',
'post_incident_analysis': {'corrective_actions': "Removal of 'no index' tags, "
'improved opt-out '
'accessibility, third-party '
'audits, and enhanced '
'transparency',
'root_causes': "Obscured opt-out tools, 'no index' "
'instructions, dark patterns, and '
'lack of responsiveness from data '
'brokers'},
'recommendations': 'Improve opt-out tool accessibility, enhance transparency, '
'conduct third-party audits, and ensure compliance with '
'privacy regulations.',
'references': [{'date_accessed': '2024-07-12',
'source': 'U.S. Joint Economic Committee (JEC) Minority '
'Report'},
{'source': 'The Markup and CalMatters Report'},
{'source': 'WIRED'}],
'response': {'containment_measures': "Removal of 'no index' tags, improved "
'opt-out accessibility',
'remediation_measures': 'Comscore, Telesign, and 6Sense removed '
"'no index' codes; Telesign added footer "
'links',
'third_party_assistance': '6Sense reported third-party audits'},
'threat_actor': 'Scammers and fraudsters',
'title': 'Data Broker Breaches Leading to $20.9 Billion in Consumer Losses',
'type': 'Data Breach',
'vulnerability_exploited': "Obscured opt-out tools, 'no index' instructions, "
'and dark patterns'}