In June 2026, Minnesota state legislators Melissa Hortman and John Hoffman were targeted at their private residences. Hortman was murdered at home along with her husband. Law enforcement recovered a handwritten notebook from the suspect listing 11 people-search data broker websites, annotated for what data each returned and which required no payment.
The mechanism required no hacking, no breach, no insider access. The residential addresses were pulled from the same people-search infrastructure that anyone can access in under ten minutes with a name and a state.
That infrastructure operates on public record aggregation. Business filings, county property records, voter registrations, court documents. Every time a business owner registers an entity, appears in a county index, or transacts in any jurisdiction that maintains public records, a new data point is created. Data broker platforms compile those points and surface them on demand.
The target in this case was a sitting legislator. The mechanism that exposed her does not discriminate by title.
A business owner who has registered an LLC, operated a DBA, or signed a commercial lease under their own name is in the same database. The address recorded in that filing is the address that returns when someone searches their name.
What does the search result on your name actually return?
Are you carrying this exact same risk right now? The RuleDraft Small Business Isolation Manual provides the straight-to-the-point instructions to lock down your infrastructure before you become our next triage headline.
#SmallBusiness #DataPrivacy