Doxxing refers to the malicious act of publicly revealing personally identifiable information (PII) about an individual or organization without their consent. This information is often gathered from publicly available sources, such as data broker sites, and then published online. The rise in online work and the growing digital exposure of employees and executives make doxxing a serious threat to businesses. The consequences of doxxing—such as harassment, hacking, identity fraud, and even physical violence—can have severe personal and operational impacts.
Understanding the Risks of Employee PII
Personally identifiable information (PII) is any data that can be used to identify an individual, such as names, addresses, or phone numbers. For doxxers, this information is often easy to access without sophisticated technical means—especially when it’s publicly available on data brokerage sites, social media, or company directories.
Once an attacker obtains an employee’s PII, they can use it to launch doxxing attacks by publicly exposing this information, causing severe outcomes such as:
- Harassment: Targeted online or even in real life, employees can experience a range of malicious behaviors, from prank calls to personal attacks.
- Hacking: The personal information exposed through doxxing can be exploited by hackers in social engineering and credential stuffing attacks.
- Identity Fraud: PII can be exploited for financial gain by opening fraudulent accounts or accessing sensitive accounts.
- Physical Threats: In extreme cases, employees or their families may receive threats, or become victims of violence, especially if home addresses or contact details are exposed.
Example: The case of New Jersey federal judge Esther Salas is a notable and tragic instance of doxxing. In 2020, Judge Salas’s son was fatally shot, and her husband was critically injured, by a gunman who had obtained their home address through data brokers.
Executive Doxxing Protection
Executives are prime targets for doxxing because of their visibility, decision-making power, and access to proprietary company data. When an executive is doxxed, this can lead to both personal and organizational threats:
- Proprietary Information Exposure: Attackers could use personal data from doxxing to impersonate executives or gain access to accounts linked to business data.
- Physical Threats & Harassment: Executives may face real-world harassment or stalking as attackers target their home addresses, phone numbers, or other personal data.
- Digital Access Compromise: Through doxxing, attackers can exploit vulnerabilities to access sensitive business networks and compromise operations. For example, attackers can leverage doxxed data to break into executives’ email or other business accounts and cause widespread damage.
Strategies for Protecting Executive Information
To protect executives, companies must implement comprehensive protection measures:
- Personal Data Removal: A critical defense is reducing the availability of exposed executive data online. Data removal services like Optery can help remove executive PII from hundreds of data broker websites, reducing the risk of doxxing.
- Secure Communication Channels: Ensure that communication between executives and other employees or vendors is encrypted and secured.
- Strong Privacy Policies: Put in place privacy controls that limit the sharing and exposure of executive and employee data.
- Multi-Factor Authentication (MFA): Implement MFA for all executive accounts to add an extra layer of security. Even if doxxers gain access to credentials, MFA can prevent unauthorized access.
- Deploy Physical Tokens: High-risk executives should use physical MFA tokens (such as FIDO security keys or YubiKeys) to prevent account compromise following exposure of PII through doxxing.
- Password Managers: Encourage the use of password managers, which securely store credentials and generate strong passwords. This helps reduce the likelihood of credential stuffing attacks that could result from doxxing.
Comprehensive Employee Doxxing Prevention
Organizations should extend doxxing prevention beyond executives to employees in roles more likely to be targeted, such as public-facing roles and frontline workers. Certain industries are particularly at risk, including law enforcement, news media, and political organizations, where employees may face threats due to the nature of their work. Here are key steps to consider for mitigating doxxing risks:
- Employee PII Removal: Removing employee PII from public sources and data brokerage sites should be a top priority. Personal data removal services can drastically reduce the amount of information attackers have access to, mitigating the risks of doxxing and complementing other cybersecurity measures.
- Training & Awareness: Employees should be educated about the dangers of oversharing online. Cybersecurity awareness training should emphasize how personal data can be used in doxxing and social engineering attacks.
- Privacy Policies: Implement company-wide policies that minimize employee data exposure, such as limiting what information is publicly available on social media or company websites.
- Additional Measures: For high-risk employees with sensitive access, the use of MFA, physical tokens, and password managers is recommended to protect against secondary attacks resulting from doxxing.
Protecting Employees and Executives Against Doxxing
Prevention is better than reaction when it comes to doxxing. By proactively removing PII, implementing strong privacy policies, using MFA, physical tokens, and password managers, and educating employees on the risks of oversharing, companies can greatly reduce their vulnerability to doxxing attacks. Creating a culture of privacy and security is the key to ensuring that both employees and executives are protected.
Optery helps businesses safeguard their employees and executives by providing comprehensive PII removal services.