Reducing Executive Risk by Removing Sensitive Personally Identifiable Information (PII) from the Internet

Written by Nisos | Dec 1, 2020 9:28:57 PM
The Challenge

A technology company tasked Nisos to conduct a threat evaluation assessment on one of their executives after multiple internet forum users posted inflammatory, threatening, and racially derogatory content. More concerning, some forum users posted the executive’s residential address, social media accounts, public records information, speaking engagements and locations, and other sensitive personal information.


Why Nisos

The company approached Nisos to conduct a threat evaluation and digital identity reduction (PII removal). Prior to engaging Nisos, they had approached other vendors who could conduct a threat evaluation but had no ability to action and remove the problematic PII data.

Preparation

Nisos used a variety of available external data sources that did not require access to internal company information.

Execution

Nisos collected and analyzed multiple feeds – including social media posts, web forums, blogs, and dark web sources – to identify and assess threats to the Client’s executive. Based on this information and a review of publicly available information, Nisos researchers identified potential threats to the executive’s physical and digital security.

The information discovered included multiple online posts from users in a “stalking” forum, called Kiwifarms, targeting the executive and the company’s subsidiary. Users claimed to have “doxed” the executive and included images of personal social media posts that referenced the executive’s residential address and other personal information.

In other posts, online users appeared to share additional sensitive personal information, including the executive’s date of birth, phone number, social media account profiles, physical location, and conference attendance. This information indicated that the executive was being targeted both digitally and physically.

In addition, Nisos identified derogatory comments about the executive, including criticism of him as an individual and of the company. Comments also included threats of violence and racially derogatory rhetoric.

Outcome

As a result of the threat evaluation, the company engaged Nisos to remove as much of the executive’s PII as possible. Nisos reduced the access to his PII through legally protected opt out procedures on public and private data broker sites and thus significantly reduced his digital footprint. These brokers included, but were not limited to MyLife, Radaris, and BeenVerified. In addition, relevant addresses and phone numbers were added to do not call lists and removed from mailing lists. Nisos also identified the executive’s property on street view imagery sites such as Google and Bing Streetview and requested blurring of these images for additional privacy.