Personal data removal & breach briefings

30 briefings

The briefings here address data privacy from a practical standpoint: what do data brokers and people-search platforms hold about you, what rights do you have to remove or suppress that information, and what does a realistic removal effort actually achieve in each jurisdiction?

The research is built from primary sources — regulator decisions, court records, direct broker policy documents, and field tests rather than aggregator summaries. The guidance is structured to be actionable. Each guide tells you what to do, in what order, which brokers and legal mechanisms apply in your jurisdiction, and where the ceiling sits on what you can realistically achieve without a professional service.

Coverage includes the broker ecosystem and removal mechanics for major jurisdictions (EU, UK, US, Germany, and Australia/New Zealand), how credential leaks and infostealer exposure create personal risk, the economics that make automated removal subscriptions underperform against a structured manual approach, and the GDPR and equivalent rights that work in practice — including the ones that data brokers resist and the paths for escalating when they do.

Data Brokers

View hub →
ANALYSIS

Germany’s Data Economy: What the Auskunfteien, Address Traders, and Adtech Platforms Know About You

Germany ranks near the top of European privacy surveys and hosts one of the continent’s most sophisticated data trading ecosystems. This maps the credit bureaus, address traders, and adtech platforms that hold data about German residents — and the legal mechanisms that limit enforcement against each.

10 min·31 May 2026
 GUIDE

Best Data Broker Removal Services in the US: What Actually Works (2026)

Six US data broker removal services tested against the August 2024 Consumer Reports field test — and why the free manual baseline outperformed every paid vendor in the cohort.

14 min·22 May 2026
 ANALYSIS

Why Data Brokers Make Opt-Outs Hard: The Economics of Friction

Broker opt-out URLs break for a structural reason: working opt-outs lower subscription revenue. The SEC-anchored math behind the friction.

11 min·18 May 2026
 GUIDE

How to Delete Your Personal Information from the Internet — The Practitioner’s Sequence

Removing your personal information from the internet is four problems, not one. Each layer has its own legal mechanic and its own DIY ceiling.

12 min·8 May 2026
 GUIDE

Data Brokers in the UK: Your Rights Under UK GDPR and the DUAA 2025

Who the UK's data brokers are, what the Data (Use and Access) Act 2025 changed, and why individual GDPR action now does what the ICO no longer can.

11 min·24 Apr 2026
 GUIDE

Do Data Broker Removal Services Actually Work? A Practitioner’s Answer

A practitioner’s answer on how data broker removal works under GDPR and CCPA, and when a subscription service, DIY, or full OSINT investigation is the right fit.

10 min·24 Apr 2026
 GUIDE

Is Data Broker Removal Legal in Europe Under GDPR?

Data broker removal is legal across the EU under GDPR Articles 17 and 21 — but the "legitimate interest" argument brokers rely on usually does not survive a proper balancing test.

7 min·23 Apr 2026
 GUIDE

Best Data Broker Removal Services in Europe: Country-by-Country (2026)

A verified, country-by-country comparison of data broker opt out services in France, Germany, Netherlands, Spain and the UK — using Consumer Reports 2024 results and direct pricing checks, not vendor marketing.

14 min·14 Apr 2026
 GUIDE

Data Broker Removal in Europe: What a Professional Engagement Actually Looks Like

Automated removal services average a 48 per cent success rate. Here is what a professional, human-led data broker removal engagement in Europe involves — from discovery through deletion, suppression, and ongoing monitoring.

9 min·29 Mar 2026
 GUIDE

GDPR Data Subject Access Request: Template and Complete Guide

A complete guide to GDPR Data Subject Access Requests — what the law says, what you are entitled to receive, enforcement case law, and a ready-to-use template.

12 min·22 Mar 2026
 GUIDE

How to Disappear from the Internet

A practitioner’s guide to reducing your digital footprint. What you can remove yourself, what persists regardless, and where DIY efforts reach their structural limit.

10 min·20 Mar 2026
 GUIDE

The Friction of Erasure: A Realistic Guide to Data Broker Removal

A realistic framework for data broker removal: how broker tiers work, why deletions bounce back, and how to use GDPR/CCPA leverage effectively.

9 min·12 Mar 2026
 GUIDE

Data Brokers in the United States: No Federal Law, 25 Brokers, and How to Opt Out

The US has no comprehensive federal privacy law. Data brokers hold vast quantities of personal data on Americans with almost no legal obligation to stop. What the FCRA and state patchwork cover, 25 brokers with opt-out links, and why California's DELETE Act in 2026 changes everything.

11 min·4 Mar 2026
 GUIDE

Data Brokers in Europe: GDPR, UK Law, Germany, France — and the US Surveillance Risk Nobody Warned You About

GDPR gives Europeans powerful rights over their data. But data brokers exploit legitimate interest loopholes, US surveillance law undermines every EU-US transfer framework, and a third Schrems ruling may invalidate the current system again. A complete guide to EU privacy law, major fines, and how to use your rights.

12 min·3 Mar 2026
 GUIDE

Data Brokers in Australia and New Zealand: What They Hold, What the Law Allows, and How to Get Out

Australia has had some of the world's largest data breaches. But most Australians don't realise data brokers legally hold and sell their personal data every day — with few legal obligations to stop. What the law says, who the 25 biggest brokers are, and how to opt out.

15 min·3 Mar 2026
 ANALYSIS

All Odido Data Is Now Online. Here Is What Happens Next.

When stolen data moves from 'for sale' to 'free for anyone', the real damage begins. Here is what typically happens next — illustrated with real Dutch and European cases.

7 min·3 Mar 2026
 INTEL

The Right to Delete Your Data Exists. Data Brokers Are Ignoring It.

35 brokers hid their opt-out pages from Google. 43% ignored deletion requests entirely. California's new DROP tool changes everything. Here is the evidence — and how to fight back.

16 min·1 Mar 2026
 GUIDE

How to Remove Your Data from Brokers: A Step-by-Step Walkthrough

Your personal data is sold daily by brokers you've never heard of. Here's how to find them, opt out, and use the California CCPA shortcut that most people don't know about.

6 min·23 Feb 2026
 GUIDE

15 Major Data Brokers: Direct Opt-Out Links (2026)

A practical guide to identifying data brokers holding your personal information and the most effective removal strategies available — including what they won't tell you.

8 min·1 Feb 2026

Credential Leaks

View hub →
ANALYSIS

From Gamble to Calculation: How Your Exposure Decides Who Gets Attacked

An intrusion told backwards from a single email address, and why a findable digital footprint turns a target from a gamble an attacker takes into a calculation they can run.

11 min·25 May 2026
 ANALYSIS

Ransomware Negotiation: Four Response Modes Law Firms Have Actually Used

What the HWLE court record and four leaked transcripts reveal about how ransomware operators negotiate with law firms, and the four ways firms have actually responded when a ransom demand lands.

16 min·20 May 2026
 ANALYSIS

How Modern Infostealers Work: Execution, Telemetry, and the 2026 Log Economy

How RedLine, Lumma, and Vidar execute on the host, what they harvest, what is visible on the wire, and how stolen credentials flow through 2026 log markets.

17 min·10 May 2026
 METHOD

How a Lockdown Investigation Runs

The Lockdown is the credential-and-account-takeover tier of our investigation work. Five business days, fixed €995, the full Mirror foundation plus seven Lockdown-specific deliverables. This article walks the methodology stage by stage: discovery, cross-reference, verification, report.

14 min·6 May 2026
 ANALYSIS

How Crypto Anonymity Breaks at the Endpoint

Crypto privacy was designed against chain analysis, not against the endpoint. The Fowler 2026 database showed why that gap is now the dominant threat.

13 min·3 May 2026
 GUIDE

Dark Web Monitoring: What It Actually Does and When It’s Worth Paying For

What dark web monitoring actually catches, what it misses on stealer logs and live session cookies, and when bundled, standalone, or human-led options each make sense.

18 min·27 Apr 2026
 INTEL

Stealer Logs: Inside The Credential Market HIBP Doesn't See

Stealer logs are the credential exposure vector most organisations cannot see — per-device snapshots containing passwords and live session cookies, sold in underground markets within hours of infection.

11 min·20 Apr 2026
 INTEL

Odido: One Month After Disclosure, the Breach Is Still Expanding

One month after Odido disclosed the breach, every dimension has escalated. The full dataset is public. Ministers and protected persons are in it. Former customers who left a decade ago are in it. And the fraud is doubling.

8 min·13 Mar 2026
 INTEL

The Odido Breach: 30 Days of Criminal Activity, Documented

The Odido breach was confirmed February 12. Within 19 days, the full dataset was published on criminal infrastructure. Within 20 days, active phishing campaigns were running. This is not a prediction — it is a documented sequence.

7 min·10 Mar 2026
 ANALYSIS

Bypassed: How Voice Cloning, Virtual Cameras, and Real-Time Interception Defeated the Controls Everyone Trusted

MFA was supposed to solve password theft. KYC was supposed to solve identity fraud. Both assumptions are now broken — defeated not by nation-states but by criminal groups using free software, breach data as raw material, and OSINT to source every component.

10 min·6 Mar 2026
 INTEL

Odido Breach: How ShinyHunters Stole 6.2M Records

ShinyHunters is publishing stolen Odido customer data daily — names, IBANs, ID numbers, sensitive account notes. The attack used a phone call, not a zero-day. Here is exactly how it unfolded.

7 min·27 Feb 2026

If you want long-term removal across the broker ecosystem, the Eraser runs the multi-week purge.

See The Eraser