Acxiom sells 2.5 billion consumer profiles. You have never heard of Acxiom. Here is the data trail.

You’ve never heard of Acxiom. But Acxiom knows you.

The company, headquartered in Conway, Arkansas and now owned by advertising giant IPG, maintains detailed profiles on roughly 2.5 billion consumers worldwide [2]. It knows what you buy, where you live, how much you earn, what you search for online, whether you have health conditions you’ve never told your employer about, and which political causes you donate to. Acxiom doesn’t hide this. It’s the business.

Acxiom is one player in an industry that generates an estimated $250 billion annually selling personal information to anyone willing to pay. You are not the customer. You’re the product, processed, packaged, and resold thousands of times without your meaningful knowledge or consent.

The Machine Behind the Curtain

The data broker industry operates largely outside public view. These companies don’t sell you anything. They have no app, no website you visit, no service you subscribe to. Most Americans couldn’t name a single one. That invisibility is, to a great extent, the point.

Here’s how the pipeline works. Every app on your phone, every website you visit, every rewards card you swipe, every public record filed in your name, all of it flows into data broker databases. They buy it, they trade it, they aggregate it. A pharmacy purchase links to your IP address, your browsing history, and your publicly available voter registration. From those three threads, a company like LexisNexis Risk Solutions, a division of the British publishing conglomerate RELX, can infer your health conditions, your financial stress level, and your likelihood of filing an insurance claim.

LexisNexis isn’t primarily known for this. Most people think of it as a legal research tool. But its Risk Solutions division runs a parallel business selling consumer profiles to insurers, debt collectors, employers, and law enforcement agencies. Its Complete Loss Underwriting Exchange contains claims data on more than 99 percent of U.S. households [3]. Insurers use it to price your policy before you’ve submitted a single claim.

Oracle, the enterprise software company, runs Oracle Data Cloud, one of the largest digital advertising data operations in the world. Experian and Equifax, the credit bureaus you know about, operate enormous parallel data businesses beyond credit reporting. Epsilon, owned by French ad giant Publicis, specializes in email marketing data. Verisk sells risk analytics primarily to insurance companies. Together, these companies and hundreds of smaller brokers form a market with no central registry, no public accountability, and no requirement that they tell you what they hold.

What Gets Collected

The categories of data collected would be familiar to anyone who has thought carefully about digital privacy. Location data from mobile devices. Purchase history from retail loyalty programs and payment processors. Browsing behavior from tracking pixels embedded in emails and websites. Social connections mapped from public social media profiles. Inferred health conditions derived from search queries, pharmacy purchases, and fitness app data.

What’s less understood is how granular this gets. The FTC’s 2023 commercial surveillance report [1] documented cases where data brokers were selling lists of people with specific mental health conditions, inferred from web browsing patterns. Lists of people with gambling problems. Lists of people going through divorces. Lists of domestic abuse victims, cross-referenced with their addresses.

The buyers of this data include insurers pricing health and life policies, employers conducting background checks, political campaigns microtargeting voters, and law enforcement agencies using commercial databases to build cases without warrants. In 2022, reporting from Vice and The Wall Street Journal revealed that the U.S. military and intelligence agencies had purchased location data from commercial brokers [5] rather than obtaining court orders, a legal workaround that civil liberties attorneys have described as an end-run around the Fourth Amendment.

The Opt-Out Illusion

Every data broker website has an opt-out page. Using them requires knowing the company exists, finding the page, submitting the request, and trusting that the system honored it. There are hundreds of brokers. Each opt-out typically lasts 90 days before your data re-enters the pipeline through a partner or subsidiary. Dozens of services charge monthly fees to automate the opt-out, which means you pay, repeatedly, to remove data nobody asked your permission to collect.

California’s Consumer Privacy Act, passed in 2018 [6] and strengthened in 2020, gives California residents the strongest legal opt-out rights in the country. Similar laws exist in Virginia, Colorado, Connecticut, and a handful of other states. There is no federal equivalent. The FTC has spent years calling for broad federal privacy legislation. Congress has not passed any.

The data broker industry has spent heavily lobbying against such legislation. According to OpenSecrets, Acxiom, Oracle, and the trade association representing data brokers collectively spent millions on federal lobbying in the years following the Cambridge Analytica scandal, precisely when federal privacy legislation was most likely to pass.

The same commercial data infrastructure feeds the recommendation systems that Facebook’s own researchers documented as engineered for rage.

The Price of Doing Nothing

The consequences of this system are not abstract. Federal and state law enforcement agencies have purchased commercial location data from brokers including Venntel and X-Mode, then used those datasets in criminal investigations [5]. The constitutional question raised by that practice remains unresolved: what protections apply when law enforcement buys data it could not legally demand through a warrant?

In 2023, a coalition of civil rights organizations published evidence that insurance companies in multiple states use data broker profiles to charge higher rates to people in predominantly Black and Latino neighborhoods. The industry calls this risk modeling and critics call algorithmic redlining.

Meanwhile, the market keeps growing. The expansion of connected devices (smart speakers, fitness trackers, connected cars) creates new data streams that regulators haven’t begun to address. A 2022 investigation by The Markup [4] found that Ford and General Motors were selling driver behavior data directly to insurance companies [4]. Drivers had consented in lengthy terms of service agreements that mentioned data sharing in language carefully designed not to be read.

There are no penalties for collecting this data. There are no audits. There is no registry of what any given broker holds. The $250 billion figure is probably an undercount.