How your personal data is being sold legally online - and used by hackers to steal millions

By WILL HALLOWELL, NEWS REPORTER Published: 00:31, 6 June 2026 | Updated: 00:54, 6 June 2026 Security chiefs believe the majority of their employees' personal information is publicly exposed online – leaving them increasingly vulnerable to hackers that could wipe millions off the company's books. A report reveals the most significant intelligence source for hackers was no longer the dark web but legal data broking websites, which collect the public's data to sell on to other businesses. Hackers are increasingly using this information for social engineering tactics, in which they impersonate or trick employees to gain access to their workplace, to carry out ransomware attacks. It was the method used in last year's attack against Jaguar Land Rover, which saw billions wiped off the British car maker's annual turnover, and retailer Marks and Spencer, whose boss admitted the group had gained access by impersonating an employee. A similar attack on US airlines in 2025 saw the FBI issue a national security alert warning that hackers were using employee identities to trick IT support desks, threatening the entire country's aviation industry.  Similar attacks have previously taken down MGM and Caesars Palace in Las Vegas. A survey by Optery of over 420 cybersecurity leaders has found just four per cent are confident their staff's data - such as home addresses, personal phone numbers and names of family members - was not readily available online. The findings come from Optery's 2026 Enterprise Social Engineering Survey Report published this month. The most significant intelligence source for hackers was no longer the dark web but legal data broking websites, which collect and sell the public's data to sell on to other businesses, a new report has revealed  Almost all respondents - 96 per cent - reported an increase in social engineering attacks in the past year, and more than half said it was beginning to strain their defences. Around three quarters said they had been compromised as a result of an attack.  The main targets were IT staff at 80 per cent, compared to executives at 42 per cent and help desk staff at 33 per cent. The report states: 'Security leaders overwhelmingly report that attackers can easily obtain the information needed to target individuals, including home addresses, personal phone numbers and email addresses, breached credentials, and job roles.' Around 98 per cent of respondents rated data broker and people-searching sites - such as Whitepages and 192.com - as the biggest source of this information for hackers, compared with around 90 per cent for social media and the dark web. More than three quarters - 77 per cent - said their employees' personal data was 'very or somewhat' exposed on these sites. Only 3.6 per cent said they weren't. Lawrence Gentilello, CEO and founder of Optery, said: 'In recent years there have been several documented examples of threat actors using commercial data brokers as part of their reconnaissance and targeting process against organisations. 'Leaked ransomware group communications, incident investigations, and government advisories all point to the same pattern: attackers are using commercially available data aggregation services to identify employees, map organisations, and gather the personal and professional information needed to carry out targeted attacks. 'Multiple cases illustrate the pattern. For example, leaked Black Basta communications showed members using data brokers to identify targets and support social engineering. 'Federal guidance on Scattered Spider has also identified commercial intelligence tools as part of the group's reconnaissance inputs.  'In the 0ktapus campaign, which targeted more than 130 organisations and resulted in the theft of nearly 10,000 credentials, Okta reported that the attackers likely harvested mobile phone numbers from commercially available data aggregation services that link phone numbers to employees at specific organisations. 'Some cybercriminal groups purchase access to these sites directly while others resell it as a lookup service.  'Either way, data broker profiles supply a major source of intelligence that drives social engineering attacks.' No comments have so far been submitted. Why not be the first to send us your thoughts, or debate this issue live on our message boards. By posting your comment you agree to our house rules. Do you want to automatically post your MailOnline comments to your Facebook Timeline? Your comment will be posted to MailOnline as usual. Do you want to automatically post your MailOnline comments to your Facebook Timeline? Your comment will be posted to MailOnline as usual We will automatically post your comment and a link to the news story to your Facebook timeline at the same time it is posted on MailOnline. To do this we will link your MailOnline account with your Facebook account. We’ll ask you to confirm this for your first post to Facebook. You can choose on each post whether you would like it to be posted to Facebook. Your details from Facebook will be used to provide you with tailored content, marketing and ads in line with our Privacy Policy.