Social Security Numbers Sold: New Way to Stop It

info Adjust the font size of this article to get the best reading experience.
Millions of Americans have found their Social Security numbers exposed on the dark web, a result of extensive data breaches over recent years. This sensitive information is now accessible to anyone with a credit card, including fraudsters, scammers, and spammers. The repercussions of such exposure can be severe, as it enables thieves to open new credit cards under someone’s name, file fraudulent tax returns, and steal refunds, government benefits, and medical care.
In California, tens of thousands of residents are taking proactive steps to address this issue by requesting data brokers to remove personal details about their locations, finances, health, and other private aspects. This action is supported by the state’s first-of-its-kind Delete Act, which allows individuals to demand the removal of their personal data from registered data brokers through a centralized platform known as DROP (Delete Request and Opt-out Platform).
What Is California’s Delete Act?
Known as SB 362, this legislation enhances privacy rights for Californians. It permits individuals to request the erasure of their personal data from hundreds of registered data brokers via the DROP platform. According to CalPrivacy, the following types of information will be deleted:
- Social Security number
- Precise geolocation
- Browsing history
- Email addresses
- Phone numbers
- Interests
- Health-related information
- Shopping habits
However, certain data will not be deleted, including:
- Data provided directly to a business (first-party data)
- Exempted data
- Publicly available data
Californians’ deletion requests also require brokers—registered with the California Privacy Protection Agency (CPPA)—to delete and refrain from selling any of a person’s data in the future. A first round of deletions will begin after August 1, with brokers needing to access and process all requests within 45 days.
Failure to comply may result in penalties of $200 per day for each individual whose data has not been erased as requested.
Over 300,000 Requests to Delete Personal, Sensitive Data
As of July 1, 332,292 Californians had signed up to have their information deleted. Of the nearly 600 data brokers in CalPrivacy’s registry, 110 sell people’s precise locations; more than 40 sell identity data that includes Social Security numbers; nearly 70 sell information on Californians’ gender identity; seven sell data related to reproductive health; and six sell union membership information.
Eighteen of these brokers also sell information about minors, who can sign up for deletion using DROP or have their parents do so. Some 50 brokers sell personal data to the federal government, and roughly the same number to state governments; 27 to police agencies; more than 20 to foreign entities; and roughly 30 to developers of generative artificial intelligence.
Why Aren’t More Pushing the ‘Delete Button’?
There are hundreds of data brokers operating in the U.S., collecting people’s data from public records, apps, and online trackers and selling it to third parties—including advertisers, marketers, employers, recruiters, political campaigns, landlords, debt collectors, hate groups, and hostile foreign governments.
“Our data is their product, and they don’t sell it back to us,” said Tom Kemp, CalPrivacy Executive Director. “They sell it to other people. We don’t have control or say over who buys it. It’s not healthy to have all our personal information sloshing around. For the bad guys, it’s cheaper and easier for them to use data brokers and buy lists of people.”
Despite the risks associated with having sensitive information like a Social Security number shared with the wrong person, the number of Californians who have requested deletion is low—less than 1 percent of the state’s population. However, Kemp expects this number to increase once brokers start deleting data, urging Californians to press “the great delete button in the sky.”
“You will reduce your footprint out there, and you should see less targeted advertising based on your demographics, you will see less text scams and email spams, and you will see, potentially, less attempts to defraud you,” he said.
Those interested can check their eligibility and apply for deletion on DROP’s platform by August 1.
What About the Rest of the Country?
There is no comprehensive federal law regulating data brokers or banning the sale of personal information. Instead, the country presents a complex patchwork of regulations and restrictions, with some states allowing residents to opt out of the sale of their personal information or express their consent to opt in.
According to Nixon Digital, 20 states had enacted comprehensive privacy laws as of April: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and Washington. Other states have proposals moving through the legislative process.
Some of these states have recently moved to follow in California’s steps, trying to create a similar registry and one-stop system for residents.
Connecticut Governor Ned Lamont recently signed into law a bill that would take effect on October 1, requiring brokers to register with the Department of Consumer Protection beginning on January 1, 2027. By July 1, 2028, the state will establish a centralized deletion mechanism enabling consumers to submit a single request directing all registered data brokers to delete their personal data, much like California’s DROP.
Last month, New Jersey Governor Mikie Sherrill signed a bill cracking down on data brokers and banning the sale of sensitive personal data. Similar to the Delete Act, the law requires brokers to register with a new public database and delete residents’ personal information upon request.
Oregon, Texas, and Vermont already require data brokers to register with state authorities, but unlike California, they have not introduced a one-stop deletion system.

- Author: Tyo Murty

At the moment there is no comment