CASE STUDY

Reducing Executive Risk by Removing Sensitive Personally Identifiable Information (PII) from the Internet

by | Dec 1, 2020 | Case Study, Executive Shield

The Challenge

A technology company tasked Nisos to conduct a threat evaluation assessment on one of their executives after multiple internet forum users posted inflammatory, threatening, and racially derogatory content.

More concerning, some forum users posted the executive’s residential address, social media accounts, public records information, speaking engagements and locations, and other sensitive personal information.

Why Nisos

The company approached Nisos to conduct a threat evaluation and digital identity reduction (PII removal). Prior to engaging Nisos, they had approached other vendors who could conduct a threat evaluation but had no ability to action and remove the problematic PII data.

Preparation

Nisos used a variety of available external data sources that did not require access to internal company information.

Execution

Nisos collected and analyzed multiple feeds – including social media posts, web forums, blogs, and dark web sources – to identify and assess threats to the Client’s executive. Based on this information and a review of publicly available information, Nisos researchers identified potential threats to the executive’s physical and digital security.

The information discovered included multiple online posts from users in a “stalking” forum, called Kiwifarms, targeting the executive and the company’s subsidiary. Users claimed to have “doxed” the executive and included images of personal social media posts that referenced the executive’s residential address and other personal information.

In other posts, online users appeared to share additional sensitive personal information, including the executive’s date of birth, phone number, social media account profiles, physical location, and conference attendance. This information indicated that the executive as being targeted both digitally and physically.

In addition, Nisos identified derogatory comments about the executive, including criticism of him as an individual and of the company. Comments also included threats of violence and racially derogatory rhetoric.

Outcome

As a result of the threat evaluation, the company engaged Nisos to remove as much of the executive’s PII as possible. Nisos reduced the access to his PII through legally protected opt out procedures on public and private data broker sites and thus significantly reduced his digital footprint. These brokers included, but were not limited to MyLife, Radaris, and BeenVerified. In addition, relevant addresses and phone numbers were added to do not call lists and removed from mailing lists. Nisos also identified the executive’s property on street view imagery sites such as Google and Bing Streetview and requested blurring of these images for additional privacy.

About Nisos

Nisos is the Managed Intelligence™ company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact info@nisos.com

 

 

 

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks