Personal Data Sold Instantly After Health Insurance Quote Requests

Vaibhav April 10, 2026
Personal-Data-Sold-Instantly-After-Health-Insurance-Quote-Requests
Post Views: 14

Lead Generation Sites Sell Personal Data Within Seconds of Form Submission

A recent study has shed light on the practices of lead generation websites that offer health insurance quotes. These sites collect sensitive personal data and sell it to multiple buyers within mere seconds of a user submitting a form.

The Study Findings

  • Researchers at UC Davis, Stanford University, and Maastricht University analyzed 105 health insurance lead generation sites and monitored the fate of 210 synthetic user profiles over a 60-day period.
  • The researchers created synthetic user profiles with unique phone numbers and addresses and submitted forms across all 105 sites.
  • They then tracked every inbound call, text message, and email received by these profiles.
According to the study, “Third-party scripts embedded on the majority of the sites captured form field input in real-time, keystroke by keystroke, using JavaScript. This allowed buyers to access sensitive personal data before the form was even submitted.”

Data Misuse and Exploitation Patterns

  • Poor form design allowed PII to reach 73 distinct third parties.
  • Buying consumer data required no verification.
  • Records often contained fabricated or placeholder values.
As per the study, “Around 80% of leads listed identical values of 65 inches and 175 pounds, suggesting a lack of actual data collection and processing.”

Calls and Telemarketing

  • More than 80% of calls originated from VoIP infrastructure.
  • Caller ID analysis showed that 59% of calls used area codes matching the recipient’s number, a technique known as neighbor spoofing designed to increase answer rates.
  • Individual profiles received as many as 1,676 calls over 60 days.

Regulatory Failures

  • Only 14% of SMS messages sent to study profiles included opt-out language.
  • Opt-outs were not effective in stopping contact altogether.
  • Senders continued to send emails despite opt-out requests.
According to the study, “This put senders in violation of the CAN-SPAM Act’s 10-day cessation requirement.”

Conclusion

The study highlights the need for stricter regulations and better data protection measures to safeguard consumers’ sensitive information. It also underscores the importance of transparency and accountability in the lead generation industry.


Blog Image

About Author

Vaibhav

See author's posts

More Stories

FleetWave-Experiences-Major-Outage-Following-Cybersecurity-Breach

FleetWave Experiences Major Outage Following Cybersecurity Breach

Vaibhav April 10, 2026
Adobe-Reader-Zero-Day-Exploit-Used-in-Months-Long-Cyber-Attack-Campaign

Adobe Reader Zero-Day Exploit Used in Months-Long Cyber Attack Campaign

Vaibhav April 10, 2026
Operation-CyHawk-4-0-Investigation-Uncovers-Additional-Suspects-in-Delhi-Scam

Operation CyHawk 4.0 Investigation Uncovers Additional Suspects in Delhi Scam

Vaibhav April 10, 2026

Latest Cyber Security News

FleetWave-Experiences-Major-Outage-Following-Cybersecurity-Breach

FleetWave Experiences Major Outage Following Cybersecurity Breach

Vaibhav April 10, 2026
AWS-Introduces-Agent-Registry-for-Enhanced-Control-over-AI-Agents

AWS Introduces Agent Registry for Enhanced Control over AI Agents

Vaibhav April 10, 2026
Bitcoin-Depot-Experiences-Significant-Loss-Following-System-Breach

Bitcoin Depot Experiences Significant Loss Following System Breach

Vaibhav April 10, 2026
Adobe-Reader-Zero-Day-Exploit-Used-in-Months-Long-Cyber-Attack-Campaign

Adobe Reader Zero-Day Exploit Used in Months-Long Cyber Attack Campaign

Vaibhav April 10, 2026
Operation-CyHawk-4-0-Investigation-Uncovers-Additional-Suspects-in-Delhi-Scam

Operation CyHawk 4.0 Investigation Uncovers Additional Suspects in Delhi Scam

Vaibhav April 10, 2026
en_USEnglish
en_USEnglish