Stay Updated Icon

Subscribe to Our Tech & Career Digest

Join thousands of readers getting the latest insights on tech trends, career tips, and exclusive updates delivered straight to their inbox.

Minnesota Shooting Suspect Allegedly Used Data Brokers to Find Targets, Exposing Privacy Risks

3:44 AM   |   17 June 2025

Minnesota Shooting Suspect Allegedly Used Data Brokers to Find Targets, Exposing Privacy Risks

The Deadly Reach of Data Brokers: Minnesota Shooting Suspect Allegedly Used Online Sites to Find Targets

In a chilling case that underscores the tangible dangers lurking in the digital shadows, court documents suggest the suspect in a recent, tragic shooting in Minnesota may have leveraged online data broker services to locate the private addresses of his alleged victims. The incident, which resulted in fatalities and injuries among state lawmakers and their spouses, has cast a harsh spotlight on the largely unregulated industry of data brokering and the ease with which sensitive personal information can be accessed and potentially weaponized.

The violence unfolded early on a Saturday morning, targeting the homes of Democratic Minnesota state representative Melissa Hortman and state senator John Hoffman. According to authorities, suspect Vance Boelter, 57, is accused of shooting Representative Hortman and her husband, Mark Hortman, in their home. Both tragically succumbed to their injuries. Earlier that night, the suspect allegedly also attacked Senator Hoffman and his wife, Yvette Hoffman, in their residence. While injured, the Hoffmans are reported to be recovering, described by their family as “incredibly lucky to be alive.”

The investigation into the motive and methods behind these attacks has revealed disturbing details about the suspect's alleged preparation. An FBI affidavit cited in court documents indicates that a search of the suspect's vehicle uncovered notebooks containing handwritten lists. Among these lists were the names of more than 45 Minnesota state and federal public officials. Critically, the home address of Representative Hortman was reportedly written next to her name.

Even more revealing, one notebook allegedly listed 11 different mainstream search platforms – commonly known as “people search” sites – used for finding individuals' home addresses, phone numbers, relatives, and other personal information. This detail suggests a deliberate effort to use commercially available data services to facilitate the attacks.

While some of the targeted lawmakers' addresses were publicly accessible – Representative Hortman's campaign website listed her home address, and Senator Hoffman's appeared on his legislative webpage, as reported by The New York Times – the alleged use of data broker sites points to a broader, more systematic approach to finding personal details, potentially for individuals whose information isn't as readily available through official public channels.

Acting US attorney Joseph Thompson commented on the suspect's alleged actions, stating, “Boelter stalked his victims like prey. He researched his victims and their families. He used the internet and other tools to find their addresses and names, the names of their family members.” Thompson also alleged that the suspect conducted surveillance on the victims' homes, indicating a planned and targeted operation.

The suspect currently faces multiple charges of second-degree murder in connection with the deaths of Melissa and Mark Hortman.

The Pervasive World of Data Brokers

The Minnesota tragedy has reignited urgent conversations about the data broker industry. These companies specialize in collecting vast amounts of personal data from a multitude of sources – public records, online activity, commercial transactions, social media, and more – and then aggregating, analyzing, and selling or licensing this information to third parties. The data can range from basic contact information and demographics to detailed insights into purchasing habits, political affiliations, health conditions, and location history.

The business model is built on the premise that personal data is a valuable commodity. While data brokers serve various clients, including marketers, employers, and financial institutions, the existence of “people search” sites – often operating on a subscription or per-search fee basis – makes obtaining sensitive personal information, including home addresses, remarkably easy for almost anyone with an internet connection and a credit card.

Critics have long warned about the potential for this readily available data to be misused. Stalkers, domestic abusers, harassers, and now, allegedly, violent criminals can leverage these services to find and target individuals who may have otherwise been difficult to locate. The sheer volume and accessibility of the data compiled by brokers create a significant vulnerability for privacy and personal safety.

Gary Warner, a digital scams researcher and director of intelligence at the cybersecurity firm DarkTower, notes that finding a home address, particularly for someone who has lived in the same location for a long time, can be “trivial.” He adds that for individuals who are younger, do not own homes, or are less politically active, data brokers often have “other favorite sites” for compiling and selling their personal details.

The ease with which this information can be obtained contrasts sharply with the difficulty individuals face in controlling their data or having it removed from these databases. Opt-out processes, where they exist, are often cumbersome, confusing, and ineffective, requiring individuals to navigate dozens or even hundreds of different broker websites.

A Call for Regulation: The Unaddressed Privacy Gap

Privacy and public safety advocates have consistently argued that the United States desperately needs comprehensive federal legislation to regulate data brokers. Unlike many other developed nations, the US lacks a single, overarching federal data privacy law akin to Europe's General Data Protection Regulation (GDPR) or California's Consumer Privacy Act (CCPA). This regulatory vacuum allows data brokers to operate with minimal oversight regarding how they collect, use, and sell personal information.

Efforts to introduce federal regulation have faced significant hurdles. Proposed rules from federal agencies, such as those that might have shielded Americans from data brokers, have reportedly been quashed. This lack of action leaves individuals exposed, with limited legal recourse to prevent their sensitive information from being bought and sold.

Senator Ron Wyden of Oregon, a vocal advocate for data privacy, highlighted the connection between the Minnesota shooting and the unregulated data broker industry. “The accused Minneapolis assassin allegedly used data brokers as a key part of his plot to track down and murder Democratic lawmakers,” Senator Wyden told WIRED. “Congress doesn't need any more proof that people are being killed based on data for sale to anyone with a credit card. Every single American's safety is at risk until Congress cracks down on this sleazy industry.”

Wyden's statement underscores a critical point: while public records contribute to the availability of some information, data brokers go far beyond simply compiling publicly available data. They aggregate information from private sources, infer details based on online behavior, and create detailed profiles that can be far more revealing and potentially dangerous than simple directory listings.

Evan Greer, deputy director of the digital rights group Fight for the Future, echoed this sentiment, pointing out that while the Minnesota case involves high-profile victims, data brokers have previously been implicated in facilitating harm against less known individuals. “These are not the first murders that have been abetted by the data broker industry. But most of the previous targets were relatively unknown victims of stalking and abuse,” Greer alleged. “Lawmakers need to act before they have more blood on their hands.”

A memorial is seen on the desk of state representative Melissa Hortman in the House chambers at the Minnesota State Capitol on June 16, 2025, in St. Paul, Minnesota.
A memorial is seen on the desk of state representative Melissa Hortman in the House chambers at the Minnesota State Capitol on June 16, 2025, in St. Paul, Minnesota. Photograph: Steven Garcia/Getty Images

The Vulnerability of Public Figures and the General Public

The case highlights a specific vulnerability for public officials, whose information is often more accessible due to the nature of their roles. Campaign finance records, voter registration databases (in states where they are public), and official legislative websites can all contain personal details, including home addresses. While transparency is important for accountability, the ease with which this information can be aggregated and exploited raises serious safety concerns for those in public service.

However, the risk is by no means limited to public figures. Anyone can become a target of stalking, harassment, or violence, and data brokers make it easier for perpetrators to find their victims. The data collected and sold includes information on millions of ordinary citizens, often without their explicit consent or even awareness.

The types of data collected by brokers are extensive and can include:

  • Contact information (names, addresses, phone numbers, email addresses)
  • Demographic data (age, gender, marital status, income level)
  • Consumer habits and purchase history
  • Online activity and browsing history
  • Social media profiles and connections
  • Public records (birth certificates, marriage licenses, property records, court records)
  • Location data
  • Inferred interests and characteristics

This comprehensive profiling, when combined with easily searchable databases, creates a detailed digital footprint that can be pieced together by malicious actors. The Minnesota incident serves as a grim reminder that this isn't just an abstract privacy concern; it has real-world, potentially lethal consequences.

Addressing the Challenge: Potential Solutions and Obstacles

The calls for regulating data brokers are growing louder in the wake of incidents like the Minnesota shooting. Several approaches are being discussed:

Comprehensive Federal Privacy Law

Advocates push for a federal law that would establish clear rules for how personal data can be collected, used, and sold. Such a law could require data brokers to register, allow consumers to easily access and delete their data, and prohibit the sale of certain sensitive information, like home addresses, without explicit consent. A federal standard would provide consistent protection across all states, addressing the current patchwork of state-level regulations.

Enhanced Enforcement by Federal Agencies

Even without new legislation, agencies like the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have some authority under existing laws to regulate unfair or deceptive practices. However, these efforts have faced challenges, and advocates argue that stronger mandates and more resources are needed to effectively police the data broker industry.

State-Level Initiatives

Some states have taken steps to address data broker issues. California's CCPA and CPRA provide consumers with rights regarding their data, including the right to know what data is collected and the right to request deletion. Other states are considering or have passed similar laws. New Jersey's “Daniel's Law,” for instance, was enacted after the murder of the son of a federal judge, whose information was found online. This law restricts the online publication of addresses and phone numbers of judges, prosecutors, and law enforcement officers. Expanding such protections to other vulnerable groups or the general public is a potential path, though a federal solution is seen by many as more effective.

Industry Self-Regulation

While some industry groups have proposed self-regulatory measures, critics argue that these are often insufficient and lack meaningful enforcement mechanisms. The profit motive inherent in the data broker business model can conflict with robust privacy protections.

Technological Solutions and Best Practices

Individuals can take steps to minimize their digital footprint, such as using privacy-focused browsers and search engines, opting out of data collection where possible, and being cautious about sharing personal information online. However, these individual efforts are often insufficient against the scale and sophistication of data broker operations.

The path to meaningful regulation is fraught with challenges, including lobbying efforts by the data industry and debates over the balance between privacy, transparency (especially for public officials), and the free flow of information in a digital economy. However, the human cost highlighted by the Minnesota shooting adds a grim urgency to these discussions.

The Human Cost and the Path Forward

The deaths of Representative Melissa Hortman and Mark Hortman, and the injuries sustained by Senator John Hoffman and Yvette Hoffman, are a profound tragedy. While the full details of the suspect's motivations and methods are still emerging, the alleged use of data broker sites serves as a stark illustration of how readily available personal data can be weaponized.

This incident is not an isolated case of data misuse, but it brings the issue into sharp focus by impacting prominent public figures. It highlights that the risks associated with the unregulated data broker industry are not theoretical; they are real, and they can be deadly.

As investigations continue, the focus will likely remain on how the suspect obtained the victims' addresses and the role that online data services may have played. This case provides compelling evidence for policymakers who have been pushing for stronger data privacy protections. The argument that personal data is merely a tool for targeted advertising becomes difficult to sustain when that data is allegedly used to facilitate violent crime.

The Minnesota shooting serves as a tragic catalyst, forcing a national conversation about the ethical responsibilities of companies that profit from collecting and selling personal information and the government's role in protecting its citizens from the potential harms enabled by this industry. The safety of public officials, and indeed, the safety of every individual, depends on addressing the gaping holes in current data privacy laws.

Moving forward, legislative action at the federal level appears increasingly necessary to establish clear rules, provide individuals with meaningful control over their data, and hold data brokers accountable for how the information they trade is used. Without such action, the risk that personal data will continue to be exploited for malicious purposes – with potentially tragic outcomes – remains alarmingly high.

The memory of the victims in Minnesota should serve as a powerful reminder that data privacy is not just a technical or abstract issue; it is fundamentally a matter of personal safety and security in the digital age.

External References: