Who can track your location through your smartphone? The phone companies have the ability to do so, and until recently, have been selling your location data to private companies so that bounty hunters and creditors could track you down anywhere on the continent.

An investigation by Motherboard, an online publication, found that approximately 250 bounty hunters and related businesses had access to customer location data from various telecommunications companies. Documents obtained in the investigation show that telecom companies sold data intended to be used by 911 operators and first responders to data aggregators, who sold it to companies like CerCareOne, who sold the information to bounty hunters. Some bounty hunters then resold the data to others unauthorized to handle it. This data was in some cases so accurate that it could pinpoint an individual’s exact location inside a building.

 CerCareOne, one company that was investigated, operated for at least five years until late 2017 and sold cell phone tower data as well as highly sensitive and accurate GPS data. GPS-enabled devices are offered by every major telecom carrier and are used to access rideshare services, maps, roadside assistance and 911 location services. CerCareOne’s data ultimately provided customers with a map interface of a device’s approximate location.

The investigation revealed that CerCareOne sometimes charged up to $1,100 per phone location and that some customers made around 18,000 individual phone location requests per year. The existence of CerCareOne was kept secret by requiring subscribers to keep the service confidential.

After Motherboard’s reporting, fifteen senators have called on the FCC and FTC to investigate how consumer location data ended up in the hands of bounty hunters. In a time when media and policy makers are paying more attention than ever to how location and other sensitive data is collected and sold, this investigation reveals the practical concerns of accessibility to mobile networks and the data they generate.