Data Brokers Profile
Timeline example of abuses
-
In 2018, to enhance its AI capabilities Oracle acquired DataFox, which supplies business intelligence that can be used to help businesses plan a variety of customer relationship management services. The startup has a database covering 2.8 million public and private businesses and expecting to add 1
-
In 2018, the French company Criteo formed a partnership with AgilOne to identify and link customer behaviour across multiple online and offline channels. The service is intended to make the ads consumers see more relevant, but also stop showing them ads for products they've already bought in offline
-
In 2018, the French company Criteo announced it would link up with the ecommerce company Shopify to enable retailers and merchants of all sizes to use its technology to target users across channels and devices and scale up their businesses. Retailers will not need to expand their IT resources. https
-
In September 2017, soon after announcing the company had suffered a major data breach that exposed sensitive information pertaining to about 150 million people, Equifax set up a poorly secured website intended to help people determine whether they had been affected. The site was flagged by numerous
-
In September 2018, Acxiom introduced an open data framework intended to create an omnichannel view of the people in its database. The company claims this "unified data layer" will let customer companies connect their marketing technology and ad technology ecosystems and connect the online world to
-
In August 2018, three months after the General Data Protection Regulation came into force in the EU, Quantcast reported that over 90% of visitors to websites using the company's Quantcast Choice consent management platform were giving consent to at least some use of cookies. About 81% were
-
In 2018, the French company Criteo unveiled its new €20 million AI lab, dedicated to researching and developing machine learning. The company intends the lab to shape industry standards for measurement and best practices in this area, and lead the international conversation on responsible data use
-
In 2018, a week before the General Data Protection Regulation came into force in the EU, Quantcast and several other publishing industry groups complained that Google in an open letter that Google was imposing GDPR risks on publishers and consumers. Under the system Google proposed for GDPR
-
The French company Criteo is struggling to conform to the requirements of the EU's General Data Protection Regulation, which came into force in May 2018. Critics believed that Criteo's practice of opting visitors to European retail sites into first-party cookies and tracking even if they ignored the
-
In April 2018, Facebook announced that in six months it would end a programme it called "Partner Categories", in which the social network acted as a bridge between data brokers like Acxiom, Epsilon, and TransUnion and the consumers their customers want to reach. In this deal, Facebook did not
-
In 2018, Tapad announced a partnership with Twine Data intended to integrate Tapad's probabilistic cross-device tracking capability with Twine's deterministic identity graph. The two companies intend to create one of the largest portable identity graph and customer relationship management onboarding
-
In 2018, Tapad announced it would offload its media business to Brand Networks, refocusing instead on its data business and identity products, primarily its cross-device graph. A particular target for its new focus was the telecommunications industry, starting with Telenor, which acquired Tapad in
-
In 2018, Quantcast began expanding into Asia, opening operations in Hong Kong, Indonesia, Malaysia, Philippines, Singapore, Taiwan, and Thailand. The company explained the move was part of a market "tipping point", in which AI would transform every customer experience, company, and industry
-
In October 2017, an anonymous security researcher informed Equifax that in December 2016 they had found a vulnerability in one of its public-facing websites that allowed them to access the personal data of every American, including full names, birthdates, city and state of residence, and social
-
On October 13, 2017, as a result of the massive data breach announced in September and the discovery that the company's website was infected with malware, the U.S. Internal Revenue Service suspended a $7.2 million contract with Equifax pending investigation. A week earlier, the IRS had announced
-
In October 2017, the Equifax website was infected by malware that redirected visitors to a page that delivered fraudulent Adobe Flash updates that infected visitors' computers with adware. The company took down the affected pages after it was notified. Investigation showed that the malicious
-
In 2017 a free online service offered by Experian was found to be allowing anyone to request the PIN needed to unlock a previously-frozen consumer credit file. Freezing the file is intended to secure such accounts against tampering and fraud. To get an unlocking number, visitors needed to provide
-
In September 2017, unrelated to the massive data breach the company simultaneously announced, Equifax withdrew its mobile apps from Apple's App Store and Google Play because of security flaws that meant that data transferred between users and Equifax was not encrypted in transmission. Given the
-
A week after Equifax's massive 2017 data breach, researchers discovered that the company's Veraz online portal, designed to let Equifax's employees in Argentina manage credit report disputes mounted by that country's consumers, was left wide open, protected only by the user name and password
-
Days after Equifax discovered its data breach in July 2017 but before the breach was announced publicly in September, three of its top executives including the chief financial officer sold nearly $2 million worth of shares. The company told the Securities and Exchange Commission that the sales
-
On September 7, 2017, the credit scoring company Equifax announced that between mid-May and July 2017 its database of consumer records had been hacked. Eventually, in a filing with the Securities and Exchange Commission following demands from US senators, the company provided detailed statistics of
-
In November 2017, an investigation of Equifax's Work Number database, owned by the company's TALX division, found that it contains over 296 million employment records including employees at all salary levels. Every week the database receives current payroll data on about a third of the working US
-
In October 2017, researcher Brian Krebs discovered that a service provided by Equifax's TALX division, The Work Number, made it possible for anyone equipped with an individual's Social Security Number and date of birth to access that person's detailed salary and employment history. Because of the
-
In May 2017, Equifax advised a number of customers that between April 2016 and March 2017 criminals had been able to steal income tax data from the service The Work Number provided by its TALX subsidiary. The Work Number provides online payroll, human resources, and tax services to companies for
-
In 2017, a group of data brokers led by Acxiom, AppNexus, and MediaMath, and including Index Exchange, LiveIntent, OpenX, and Rocket Fuel, launched a consortium to make targeted programmatic advertising more widely available. Part of the consortium's goal is to enable the companies involved to
-
In 2017, Oracle Data Cloud and Simulmedia entered into an agreement to enable purchase-based targeting on national television. In this system, advertisers are able to reach audiences that are targeted based on their in-store purchases. Simulmedia is a leader in data-optimised TV campaigns; its
-
In March 2017, Experian agreed to pay a $3 million fine to settle a complaint brought by the Consumer Financial Protection Bureau that until 2014 the company had provided consumers with "educational" credit scores that were different from the FICO scores actually provided to credit card issues
-
In 2017, Quantcast, which measures visitors to over 150 million web destinations, announced it would partner with Quantium, a company that collects purchase data and analytics, to bridge the gap between offline and online audiences and provide insight into the patterns of online consumer behaviour
-
In 2017, the French retargeting company Criteo admitted that Apple's Intelligent Tracking Prrevention - changed default settings that prevent ad networks and other technology companies from tracking users - would cut its revenues by 8% to 10%. Although Safari had blocked such third-party cookies
-
In January 2017 two of the three largest US credit reporting bureaus, Equifax and TransUnion, were jointly fined $23 million in a settlement with the Consumer Financial Protection Bureau. CFPB held that the two companies marketed some of their products as free or costing $1 when in fact consumers
-
The key claim of retargeting, the business of companies like Paris-based Criteo, is that it can match long-tail advertisers with long-tail publishers and retailers. Ad exchanges enable these connections by identifying the specific group of people who need what smaller brands have - products such as
-
In 2016, Tapad and Acxiom's LiveRamp announced an expanded partnership to make Tapad's proprietary Device Graph accessible to LiveRamp's more than 400 adtech and marketing technology platforms. Device Graph enables marketers to track customer engagement across all digital channels. LiveRamp will use
-
In 2016, when data scientist Fred Benenson investigated why he had received an email from Sears asking if he was still interested in a product shortly after he had browsed for it on the Sears website, he discovered that Sears had contracted the French company Criteo to make this type of connection
-
In 2016, PlaceIQ, which connected physical and digital activities across time, space, and mobile devices, announced a collaboration with Oracle that would make its audience data available through Data Cloud's BlueKai Marketplace. PlaceIQ uses data from 475 million location points, 100 million unique
-
In 2016, the French company Criteo, which uses website tags to collect information about the products visitors see, noted that it keeps such data for 13 months. The company creates user profiles based on each visit to a website to view content or a product, and also uses the data for retargeting ads
-
In 2016, Acxiom announced a deal with the media delivery company Valassis, a subsidiary of Harland Clarke Holdings Corp, intended to provide marketers with better post-campaign analytics. The linkage of the two companies was intended to "provide an integrated view of a consumer's purchase behaviour"
-
In 2016, Oracle, long known as an enterprise software company, acquired the audience tracking company AddThis as part of expanding its business into marketing technology. AddThis places buttons on web pages to enable visitors to share stories or follow accounts on social media sites such as Facebook
-
In 2015, Norwegian telephone company Telenor announced it was acquiring Tapad, a five-year-old New York-based advertising startup for $360 million. Tapad focuses on cross-device "retargeting"; that is, it claims to track billions o dfata points across mobile devices, PCs, TV, and watches, and, going
-
In 2013, Oracle spent $1.5 billion to acquire the cross-channel marketer Responsys in a move analysts saw as an effort to compete with Salesforce, and also Adobe Systems. The acquisition was the beginning of a push into marketing that continued through 2015. Oracle, better known for enterprise
-
In 2015, Oracle and the US Federal Trade Commission settled charges that Oracle had compromised users' security by failing to remove older versions of Java SE from their computers when the software was updated. The software was installed on more than 850 million computers as of August 2014; Oracle
-
In 2015, Oracle rolled out "Validated Demographics", a service based on combining the capabilities it acquired with BlueKai, a data management platform that gathers data from publishers, and Datalogix, a tool that compiles offline demographic data. The combination of these complementary services
-
In 2015, Quantcast CEO Konrad Feldman explained his purpose in starting up the company in 2006: "to manufacture data to make advertising more relevant for consumers". By 2015, as display advertising on the web was beginning to use the targeting techniques previously preserved for search advertising
-
In 2015, Quantcast launched Audience Grid, an "open data marketing platform" to combine the data it collects from websites with data on audience habits collected by partners such as Tivo Research and Oracle's Datalogix. The combination is intended to give online advertisers greater insight into
-
In 2013, the New York-based startup Tapad was growing fast based on its claim to be able to track and target individual consumers across many devices - desktop and laptop computers, TVs, smartphones, and tablets. The technique goes well beyond cookies, which enable sites to track individuals across
-
In 2015, the advertising startup Tapad launched TV Pulse, a measurement platform that added linear TV data to its existing cross-device platform. The company claimed that its technology could detect devices such as smartphones being used by the same consumer who had viewed the company's TV ads, to
-
In 2014, Oracle beat out Facebook, Adobe Systems, and TV ratings agency AC Nielsen to acquire Datalogix for an estimated $1.2 billion. At the time, DataLogix, which provides data on offline consumer spending to digital marketers to enable them to track the effectiveness of their ads, had estimated
-
In 2014, Tapad claimed its system for matching consumers across multiple devices protected privacy because it relied on probabilistic matching rather than a deterministic approach that builds on personally identifiable information. The deterministic approach relies on logins - for example, an
-
In 2016, Tapad launched a partnership with the location-based ad targeting firm Placed to provide a service measuring the impact of digital advertising on in-store sales. Tapad sends anonymous campaign data to Placed, which has a panel of more than 500,000 users who have opted in. Placed measures
-
In October 2015, Experian announced that a breach of its computer systems exposed the Social Security numbers and other data of approximately 15 million people who applied for financing from the mobile network operator T-Mobile USA, to which Experian supplied credit assessment services. Experian
-
In 2015, Turner Broadcasting, a semi-autonomous division of AT&T's Warner Media announced it would integrate offerings from Episilon, Krux, and Oracle into its data management platform, which powers its ads. Oracle and Epsilon help bring in offline and multichannel consumer data, while Krux bridges
-
In 2013 and 2014, Quantcast's CEO, Konrad Feldman, claimed that real-time bidding, the latest trend in advertising technology, was providing a new way to game advertisers. RTB, also known as "programmatic" advertising, uses cookies to track what users have looked at and then retarget them through
-
In 2014, Acxiom's chief product and engineering officer, Phil Mui, described the system the company had been building to link individuals' activities across the many channels, devices, and applications they use. A single individual may accumulate four different personas via 24 cookies across six
-
In August 2016, Oracle's MICROS division, one of the top three global point-of-sale vendors, was hacked by the Carbanak Gang, a Russian organised cybercrime group known for hacking into banks and retailers. In 2014 when Oracle acquired it, MICROS' systems were in use at more than 200,000 food and
-
In 2013, detailed personal information being sold by the fraudster-friendly underground service Superget.info was found to have been bought from CourtVentures, a public records aggregator bought by Experian in 2012. In late 2013, Superget.info's operator, 24-year-old Vietnamese national Ngô Minh
-
In 2012, when the French company Criteo filed with the Securities and Exchange Commission to go public, it cited its data assets and the accuracy of its algorithms as a crucial part of its valuation. The company said that every day it was presented with billions of opportunities to connect
-
In 2013, 44 years after Acxiom went into business selling consumer data, the company opened a website, aboutthedata.com, to allow Americans to see the data the company holds about them and make it easier to opt out of tracking. However, using the site requires visitors to input a substantial amount
-
In August 2013, a jury in the Portland, Oregon Federal District Court awarded Julie Miller $18.4 million in punitive damages when despite two years of complaints and filings Equifax failed to rectify errors in her credit report that blocked many aspects of her financial life. Miller had followed the
-
In 2013, Twitter announced it would partner with numerous advertising companies including Quantcast and Oracle's BlueKai to create "tailored audiences". Twitter claims the service anbles advertisers to define targeted groups of current and prospective customers who have "shown interest" in their
-
In 2013, companies like Tapad developed new "cross-screen marketing" techniques to allow them to expand from tracking desktop computer users across the web to targeting them as they moved to smartphones and tablets. Cookies - small bits of code deposited on computers - do not work as well on mobile
-
In December 2012, the US Federal Trade Commission opened an investigation into data brokers' privacy practices, requesting information from nine companies: Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intelius, Peekyou, Rapleaf, and Recorded Future. The FTC sought information about: the
-
In October 2012, Equifax agreed to a settlement with the US Federal Trade Commission over charges that between January 2008 and early 2010 the company improperly sold lists of consumers who were late on their mortgage payments in violation of the FTC Act and the Fair Credit Reporting Act. Equifax
-
In 2012, Acxiom's database was reported to be the largest commercial database on consumers in the world, containing approximately 1,500 data points, or "elements", for each of the 500 million active consumers worldwide and processing more than 50 trillion data transactions per year. Each of the
-
In 2010, Quantcast and Clearspring agreed to settle class action lawsuits brought against them over their use of Flash cookies. Flash cookies are "Local Storage Objects" stored by Adobe's Flash player plug-in; unaffected by browser privacy settings, they can respawn HTTP cookies after a user finds
-
In 2010, customers of the online shoe retailer Zappos, which was acquired by Amazon in 2009, began noticing that recommendations for products they had viewed on the site were following them around the web. The culprit was a then-new practice known as "retargeting", which uses cookies to identify
-
In 2007, Experience agreed to pay $300,000 to settle a Federal Trade Commission complaint that the company's ads for a "free credit report" failed to explain clearly enough that consumers who signed up would be enrolled in a credit-monitoring programme costing $79.95 per year. The FTC alleged that
-
As early as 2005, Experian began suggesting that its Mosaic consumer classification system, used by retail chains to tailor their stock for local populations could be used by political parties for campaigning. Based on work by Richard Webber, a visiting professor at University College London, Mosaic
-
In 2004, the US Department of Justice investigated the theft of 8.2GB of personal data from File Transfer Protocol (FTP) servers belonging to Acxiom between 2002 and 2003. The case was thought to represent the largest case of data theft at the time. Scott Levine, the owner of the email spamming
-
In 2003, the for-profit privacy company Private Citizen, which helps paying consumers unsubscribe from telemarketers' lists and direct mailing offers, found that Acxiom had begun rejecting the batches of opt-out notices the service sent on behalf of its subscribers. Acxiom insisted that each person
-
In 2003, the Electronic Privacy Information Center, Privacy Rights Clearinghouse, and PrivacyActivism filed complaints with the US Federal Trade Commission alleging that JetBlue Airways and Acxiom engaged in deceptive trade practices by supplying personal information about consumers to the Alabama
-
In 2003, Acxiom announced that law enforcement officials had notified the company that it had been hacked, and that the attacker had intercepted information in transit between the company and some of its clients via a File Transfer Protocol (FTP) server located outside the company's firewall. The
-
In 2000, and then again in 2003, the US Federal Trade Commission fined Equifax for blocking phone calls from consumers trying to get information about their credit or discuss their reports or making them wait for extended periods of time in violation of the Fair Credit Reporting Act. In 1996
-
In 2000, Experian entered into a consent decree with the Federal Trade Commission and agreed to pay $1 million to settle charges that the company blocked and delayed incoming phone calls from consumers wishing to discuss the contents of and possible errors in their credit reports. Under the Fair