Shielded on All Sides: Combining Manual PII Removal and Vulnerability Monitoring to Enhance Executive Protection
2024-10-15 17:0:59 Author: securityboulevard.com

Introduction

The availability of sensitive personal data through breaches and its continual sale online exposes individuals—and by extension employers—to a range of threats. Most US citizens are notified multiple times a year of disparate data breaches exposing their data, including at times sensitive personally identifiable information (PII). Assessing the associated severity and ramifications often requires proactive efforts. Nisos partners with corporate security and executive protection teams to detect and mitigate data exposure on the surface, deep, and dark web. The constantly evolving threat landscape in which threat actors regularly identify new exploits requires protective services to continually identify and account for all real-world and online vulnerabilities. While automated or semi-automated removals of online data from people search sites can provide some protection, other digital vulnerabilities—such as data breaches and social media use—often provide enough information for a threat actor to commit fraud, confront a target, or pursue other harm against individuals or entities.

In addition to breaches, US citizens’ information is regularly bought and sold through data brokers. An Executive Order issued in February 2024 aims to restrict the sale of “Americans’ bulk sensitive personal data” to foreign adversaries—such as China, Russia, and Iran—over concerns of actors using personal data for “illicit purposes” and posing risks to national security. The continual sale of sensitive citizen data domestically and abroad almost certainly means state-sponsored—including adversarial countries—and independent threat actors still acquire the data through subsequent sales and transfers. This data possibly provides access to corporate executives, who are often targeted due to their proximity to sensitive company information and trade secrets. It also can identify other weak links in a corporate structure, allowing for threat actor access. At Nisos, we support our clients by identifying exposures, manually removing PII from available locations, and minimizing risks on social media and other platforms. Nisos analysts work directly with clients to address specific threats and vulnerabilities in an effort to enhance the overall security posture of individuals and companies.

“Our adversaries are exploiting Americans’ sensitive personal data to threaten our national security. They are purchasing this data to use to blackmail and surveil individuals, target those they view as dissidents here in the United States, and engage in other malicious activities.”

– Attorney General Merrick B. Garland.

Executive Protection Overview

Nisos’ Executive Shield services and associated manual, analyst-driven Personally Identifiable Information (PII) removals provide top-tier protection to fraud victims, harassment targets, and individuals seeking to proactively protect their personal information. Nisos’ Executive Shield and PII removal services outperform automated or semi-automated removals through quick-turn removal requests on sites accessible to threat actors; ongoing analyst-led reviews for data repopulation; and full-suite monitoring for vulnerabilities on social media, deep/dark web marketplaces, public records sites, and data breaches. Executive Shields provide a comprehensive threat monitoring solution to mitigate digital vulnerabilities that can enable digital and even physical attacks. A dedicated analyst’s careful coordination with and understanding of an individual’s life helps identify unique, dated-yet-relevant, or nuanced data that automated services likely miss.

PII Removal

Effective PII removal requires immediate identification and data mitigation to deter threat actors from abusing the available information. A recent Consumer Reports study found manual opt-outs had a higher elimination rate and achieved a quicker completion than automated services. This—in conjunction with Nisos’ continual monitoring and mitigation of other threat-actor-accessible vulnerabilities—quickly protects a target from both known and undetected threat

  • Nisos procedures quickly remove a majority of an individual’s PII. This has included quickly reducing a fraud victim’s available PII from 103 sites to 37 on the first day of removals. Continued monitoring subsequently reduced access to the individual’s information on people search sites, social media accounts, and other public locations.
  • Multiple Executive Shield clients identified our PII removal service alongside pattern-of-life monitoring as the unique offering that led them to Nisos. An individual who previously used automated PII removal services for multiple years before beginning Nisos’ Executive Shield monitoring was still exposed on over 100 popular PII sites, which we reduced down to 46 in one day and further reduced in subsequent monitoring.
  • Many PII removal services focus on requesting removals from data broker sites on which the presence of an individual’s data is unconfirmed and which are generally sites not accessible or helpful to threat actors. Nisos removals focus on PII sites where threat actors seeking to harm or defraud a victim find or purchase personal information that can pose physical or financial harm.

Executive Shield Threat Monitoring

Nisos’ Executive Shield service is most effective when combined with PII removals and ongoing monitoring. PII removals from people search sites, data marketers, data brokers, ancestry sites, residence listings, telephone lookups, and business records are only effective if sensitive data is not otherwise available to threat actors. While an individual can generally effect change on some sources, such as their content on social media, exposure in data breaches is outside an individual’s control and can often provide significant insight into a person’s sensitive biographical data, location information, and finances. Nisos’ Executive Shield services continually review and provide vulnerability mitigation recommendations to reduce online footprints.

  • Executive Shield monitoring provides consistent, personalized recommendations to support individuals in reducing publicly available information, adopting new practices on social media, and alerting them to how threat actors can act on or abuse seemingly benign information.
  • In the first half of 2024, there were over 1,500 unique breaches affecting over 1 billion victims, and major breaches that have already occurred in the second half of 2024 strongly indicate 2024 will likely set a new record for the number of compromises in a single year, according to the Identity Theft Resource Center.
  • These breaches included millions of users’ social security numbers, biographical data, and credit card information. Breach data is highly accessible to threat actors for use in physical, financial, or reputational attacks against individuals and companies, particularly if the victim is not aware of the exposure.

Conclusion

Nisos’ Executive Shield service offers a proactive approach to mitigating threats—preparing for the worst while eliminating nefarious actors’ access to information that can enable attacks. Combining effective PII removals with ongoing monitoring and vulnerability mitigation protects our partners from ever-increasing threats. Nisos recognizes that individuals and companies place a significant level of trust in our efforts and capabilities when they undergo this level of monitoring and proactive protection. Through this trust and relationship, Nisos can help protect an individual’s family, assets, and reputation and mitigate vulnerabilities.

About Nisos®

Nisos is the Managed Intelligence Company. We are a trusted digital investigations partner, specializing in unmasking threats to protect people, organizations, and their digital ecosystems in the commercial and public sectors. Our open source intelligence services help security, intelligence, legal, and trust and safety teams make critical decisions, impose real world consequences, and increase adversary costs. For more information, visit: https://www.nisos.com.

*** This is a Security Bloggers Network syndicated blog from Nisos authored by Nisos. Read the original post at: https://www.nisos.com/research/pii-removal-vulnerability-monitoring/


Article source: https://securityboulevard.com/2024/10/shielded-on-all-sides-combining-manual-pii-removal-and-vulnerability-monitoring-to-enhance-executive-protection/