Data Broker Case Studies
Data-broker harm is not hypothetical. These are documented, sourced cases where personal information sold or aggregated by brokers and people-search sites led to stalking, murder, swatting, and targeted harassment, and the laws and lessons that followed. Each case ends with the concrete removal step it argues for.
Amy Boyer: the murder that put data brokers on trial
What happened
Liam Youens, who had been obsessed with Amy Lynn Boyer since high school, paid the online investigation service Docusearch for her Social Security number and then her workplace address. Docusearch obtained the work address through a pretextual ("pretexting") phone call. On October 15, 1999, Youens drove to Boyer’s workplace and fatally shot her as she left, then killed himself.
The role of data brokers
Boyer had no relationship with Docusearch and no way to know it was assembling and selling her identifying information. The broker sold her SSN and work location to a paying stranger without verifying his intent, the exact business model that people-search and data-broker services still run on.
What changed
In Remsburg v. Docusearch (2003), the New Hampshire Supreme Court held that a data broker owes a duty of reasonable care because criminal misuse of sold personal data, including stalking and identity theft, is foreseeable. Congress also passed "Amy Boyer’s Law" (2000), restricting the sale and display of Social Security numbers without consent.
The removal lesson
Your work address and SSN are exactly the data points brokers monetize, and a stranger can buy them. Removing yourself from people-search sites shrinks the pool of information a stalker can purchase. This case is why "it’s just public info" is a dangerous framing.
How to protect your personal information online →Location brokers tracked visits to clinics, shelters, and places of worship
What happened
Through 2022–2024 the FTC brought actions against Kochava, X-Mode Social / Outlogic, InMarket, Gravy Analytics / Venntel, and Mobilewalla. The agency alleged these companies collected precise geolocation, often harvested from real-time advertising auctions and app SDKs, without meaningful consent, then sold or used it to build audience segments. Mobilewalla was alleged to have built an audience segment of pregnant women identified from visits to pregnancy centers.
The role of data brokers
These brokers operate invisibly: most victims never installed an app belonging to the broker. Location was siphoned from ad exchanges and embedded SDKs and resold. Precise location, unlike a name, can reveal where you sleep, worship, seek medical care, and shelter from an abuser.
What changed
The FTC secured orders prohibiting the sale of sensitive location data and requiring deletion of ill-gotten data and the audience segments derived from it. The cases established that selling sensitive-location data without consent is an unfair practice under the FTC Act.
The removal lesson
Location data is some of the most dangerous data a broker holds, and you can’t "opt out" of an SDK you never knew was running. Limiting ad tracking on your phone, resetting your mobile advertising ID, and removing yourself from brokers that resell location data all reduce exposure.
Location data brokers explained →A judge’s home address, a murdered son, and Daniel’s Law
What happened
In July 2020, a disgruntled attorney posing as a delivery driver arrived at the New Jersey home of U.S. District Judge Esther Salas. He shot and killed her 20-year-old son, Daniel Anderl, and wounded her husband. The attacker had compiled a dossier on Judge Salas, including her home address, which was readily available online.
The role of data brokers
A sitting federal judge’s home address was trivially obtainable, the same people-search and data-broker ecosystem that sells anyone’s address. The attack demonstrated that for targeted individuals, an address listing is not a convenience; it is an attack surface.
What changed
New Jersey passed Daniel’s Law (2020), requiring data brokers to remove the home addresses of judges, prosecutors, and law-enforcement officers on request. Many states followed with equivalents, and Congress passed the federal Daniel Anderl Judicial Security and Privacy Act (2022) for federal judges.
The removal lesson
Address removal is a recognized safety measure, not paranoia, lawmakers built statutes around it. While Daniel’s Law covers specific roles, anyone can remove their home address from people-search sites to deny would-be attackers the same easy starting point.
What is Daniel's Law? →The swatting epidemic runs on people-search addresses
What happened
Across 2024–2025, the U.S. saw a sharp rise in swatting and doxxing of public officials. The U.S. Marshals Service recorded hundreds of threats against federal judges. In one prominent prosecution, Alan Filion was sentenced after orchestrating 375+ swatting calls nationwide. Swatting has caused deaths and serious injuries when armed officers arrive at the wrong premises or confront unaware residents.
The role of data brokers
Swatting and doxxing campaigns begin with an address. People-search sites and data brokers are the default tool attackers use to convert a name, or a username, into a physical location. Remove the address listings and you remove the raw material.
What changed
Multiple states have made swatting a felony, and federal prosecutors have pursued multi-year sentences. Legislators increasingly tie anti-swatting and anti-doxxing efforts to data-broker address-removal requirements.
The removal lesson
If your address is one search away, you are one grudge away from a SWAT team at your door. Proactively removing home-address listings from people-search sites is the single most effective personal countermeasure to doxxing and swatting.
Remove your address and phone from data brokers →Targeting reproductive-health workers with broker data
What happened
Reporting in 2024 documented that anti-abortion activists and harassers used easily obtained personal information, home addresses, phone numbers, family details, to target reproductive-health-care workers. The same broker and people-search infrastructure that powers marketing made clinic staff findable at home.
The role of data brokers
Workers in a high-risk field found their home addresses and contact details aggregated and sold by brokers, with no practical way to keep them out of the dataset short of active removal. The data market does not distinguish between a marketer and a harasser buying a profile.
What changed
The episode intensified calls to extend address-confidentiality protections and Daniel’s-Law-style removal rights to health-care workers, and it spurred clinics to add data-broker removal to staff safety programs.
The removal lesson
For anyone in a targeted profession, data-broker removal is occupational safety. Address Confidentiality Programs plus systematic people-search opt-outs are the practical baseline, ideally before a threat materializes, not after.
Address Confidentiality Programs by state →Don’t be a future case study
Take your address off the market
Every case above started with information a stranger could buy. OfflistMe drafts the deletion emails to get your name, address, and phone off people-search sites, one flat fee, no subscription.
Request Removal NowOne-time from $7