As the CEO of a growing digital executive protection firm, our API partner acutely understands how exposed personal data fuels a variety of attack vectors—and why removing it is critical to protecting high-profile clients from targeted attacks.
The firm specializes in targeting its own clients the way an attacker would, using the same Open-Source Intelligence (OSINT) reconnaissance and investigative techniques bad actors employ to uncover exploitable information. By pinpointing online vulnerabilities before an adversary does and eliminating them, they help their clients—many of whom are high-risk sensitive targets—stay secure.
One of the firm’s core services is personal data removal, which is essential for protecting their clients against social engineering, account takeover, identity fraud, doxxing, harassment, and physical violence. To assist them in this endeavor, they turned to Optery’s API, integrating it into their services to help prevent clients from being easily targeted.
The CEO on the dangers of data brokers
With a background in OSINT targeting and investigative work, the firm’s CEO knows exactly how attackers conduct reconnaissance using a target’s digital footprint—because he uses the same methods to protect his clients. He knows how easily exposed personal data can be weaponized, and how attackers rely on data brokers, breach data, and other OSINT sources to execute their attacks.
The first step in any targeting operation is reconnaissance, and data broker sites make it easy for attackers looking to build a complete profile of their targets:
“When I’m trying to find someone, as any OSINT course will tell you, the first place you’re going to go to is a data broker site and try to expand the profile of the person you are trying to get information on.”
From there, it becomes easy to compromise accounts and launch tailored attacks:
“There’s so many things you can do with the data that’s out there on someone. If I have a name, an email, a location, I’m gonna then go see what data has been breached in connection with this info, then I’m going to be able to break into their accounts and target them in a variety of ways.”
As the CEO notes, removing exposed information disrupts attacker reconnaissance, making it significantly harder to build a viable attack profile. As a result, adversaries typically move on to easier, more data-rich targets:
“If the data isn’t out there on an individual, the bad actor is going to move on to the next person.”
Why the company chose Optery
For the firm, personal data removal offers a fundamental layer of protection for their high-risk clients, making comprehensive data removal from data broker sites an absolute necessity. The company conducts its own in-house opt-outs, but needed an API solution that could scale their efforts.
When selecting a data removal provider, the company’s CEO took a methodical, industry-informed approach. Having spent years evaluating solutions, Optery stood out from the competition:
“We know the space extremely well, and Optery was selected for a variety of reasons. For years I’ve been looking at companies like this. One thing about Optery that’s really great is that Optery shows a very clear understanding of how to operationalize what they do.”
The CEO knew effective data removal required much more than simply sending out takedown requests, as different brokers have different procedures for removal, policies can change, and many data brokers are actively resistant to removal requests. He needed a provider who had the capability to adjust and address these challenges quickly:
“You have to understand how all these different brokers work and be flexible when changes happen. You have to be able to mitigate and adapt to brokers’ lack of compliance. Optery is able to do this quickly to get the data removed.”
The CEO was impressed by how Optery had scaled a highly complex, adversarial process into an effective and efficient system:
“Optery has this excellent product that is very intricate. There’s so many moving parts to it. And it’s dependent on third parties that don’t like you and are resistant. To be able to scale that, especially as a startup, is really impressive.”
The quality of the team behind the product is also something the CEO commented on:
“The team at Optery has been fantastic. They are very responsive. If there’s an issue, it’s usually addressed or resolved on the same day. Even the people in sales, they actually have an understanding of the industry and the problems posed by brokers. So Optery does a good job at educating its employees. They have also gone above and beyond in other ways that have helped us better serve our clients. That really goes a long way with me.”
The results: Stronger protection for high-risk clients
For the firm’s clients—many of whom are high-profile individuals facing persistent threats—reducing their digital footprint is essential for preventing both digital and physical attacks.
By integrating Optery’s API into its security services, the company has significantly strengthened its ability to limit what adversaries can find and exploit. Given the high-risk nature of their clients, the CEO appreciates having a data removal partner that is both thorough and relentless in eliminating exposure:
“We have some extremely sensitive clients, and I mean extremely sensitive clients, and we trust Optery to go out and clean up what’s out there as much as humanly possible.”
Having tested and observed the effectiveness of various data removal providers, the CEO has seen firsthand the difference Optery makes:
“Optery makes a huge difference in improving the security and reducing the risk of our clients. I don’t like hunting people online who have used Optery. I have clients who have used DeleteMe, and I don’t have to do much to find them. It’s extremely easy to find people who have used DeleteMe. With Optery, it’s different. I’m looking harder. It’s not particularly easy to do. There’s quality there. Post-Optery, it is definitely harder to hunt and target someone.”
Cybersecurity’s blind spot: The need for data removal
The CEO comments that, despite the clear security risks posed by exposed personal data, the importance of data removal is still underestimated in many cybersecurity circles. While privacy professionals have long recognized the need to limit digital exposure, cybersecurity professionals haven’t traditionally treated personal data removal as a means to reduce their attack surface.
“There’s a difference between the privacy people and the cybersecurity people when it comes to data removal. The cybersecurity types slowly come around to the idea. Cybersecurity focuses on trying to find and investigate and defend against threats, but that doesn’t always translate into trying to find people.”
This disconnect has led some security professionals to dismiss data removal as purely a privacy concern, rather than recognizing its critical role in threat prevention. As exposed personal data continues to be the top enabler of cyberattacks, the CEO argues that this mindset needs to change:
“Data broker removal is a privacy thing, but it’s even more so a cybersecurity thing in many different ways.”
“It is so easy to take data broker info as a starting point to get into a company. It leaves a lot of organizations extremely vulnerable. Data removal is a core thing for cybersecurity. If a cybersecurity product doesn’t offer this, it doesn’t make a lot of sense.”
Despite this, some organizations still don’t recognize the business case for data removal, viewing it as an optional employee benefit rather than a preventative security investment. But in reality, reducing employee exposure directly reduces organizational risk:
“Some companies might look at data broker removal as a nice-to-have employee benefit and they don’t end up getting it because they don’t realize its importance. There has to be something in it for them. What’s in it for them? If your employees have a significantly smaller threat surface, then that leaves you significantly safer as an organization.”
Shifting from reactive to proactive security
Not recognizing that personal data removal is essential for both privacy and security has real consequences. Too often, the importance of reducing digital exposure is only recognized after an incident has already occurred. The CEO has seen this pattern repeatedly:
“The sad thing is whether you’re an individual concerned about privacy, or a cybersecurity team at a company, they often learn their lesson after it’s too late. That’s when they get into privacy. With cybersecurity, it’s the same thing.”
This reactive mindset leaves companies unnecessarily vulnerable. Attackers don’t wait for organizations to realize the importance of data removal—they actively exploit exposed personal information to break into organizations.
“The majority of breaches at companies are through employees, through phishing or credential stuffing or other methods. You could have excellent security where an outside attacker just can’t get in. What am I going to do? I’m going to find an employee’s info and if the company doesn’t have everything locked down the way they should, I’m going to get in that way.”
The CEO emphasizes the need to treat data removal as a proactive security measure, not a last resort:
“Once a company gets breached and realizes one of their employees was compromised, then they recognize the need to reduce their threat surface. Don’t wait until there’s a breach. Assume a breach will happen if you do not get their data removed. It’s a must.”
A stronger security posture with Optery’s API
By integrating Optery’s API, this digital executive protection firm continues to help high-risk clients avoid targeting, secure their online footprint, and minimize their exposure to PII-based attacks.
With comprehensive data broker removal as a core component of its security strategy, the company has significantly strengthened the security posture of its clients and reinforced its commitment to protecting those who need it most.