Are you paying for data broker removals? Why or why not?

Following the shooting of the UHC CEO it seems executives are more concerned about their safety. I’m curious if people are doing anything to remove PII from the open web. Stuff like DeleteMe, Incogni, Optery or even ZeroFox, Picnic, Kanary.

If you are, is it effective/do you like what you’re using?

If you aren’t, why not?

Do your due diligence researching these companies before signing up. Aura is a company with not only questionable practices but also has a vast amount of layered business registration filings that lead to China.

NPD was breached & data publicly downloaded, that ship has sailed.

I just have a generic GDPR right-to-be-forgotten template I bcc out to anyone who has my details and go from there, it works surprisingly well.

A public corporation has to publish officers’ names. The amount of information that’s required to be published depends on the state, the type of corporation, and if they belong to an exchange. You can look up company info on the state’s corporation websites.

Maybe they should be more concerned with how they are fucking their customers.

Yes. I pay for Incogni and no longer get calls asking about my car warranty or really any other unsolicited calls. My physical mailbox is not full of junk mail every day anymore. Though I didn’t think to add all of my family members’ contact info as well, which gave a shady cybersecurity software company salesperson a way to track me down.

This is what we call a “sucker’s bet.” Especially if you’re a publicly traded company.

I have professional experience doing data removals. Some of the firms you’ve listed don’t do a great job. As far as I can tell, they use semi/fully automated systems. The problem is that their automation isn’t great. I’ve seen many instances of them claiming to have removed from sites when they haven’t, or just sloppy work where they remove someone else with a similar name. Happy to answer questions in PMs if anyone is interested.

We have ZeroFox but are using it to find typosquatted domains mostly right now or take LinkedIn accounts. Company isn’t really large or well known, business to business entirely.

Yeah, I pay for Incogni.

The amount of bullshit and nonsense I receive now is near zero.

I pay because the sheer volume (in the several hundreds) of people search sites makes it darn near impossible to go at it on my own.

And for the rare occasions that Incogni cannot remove something, at least their dashboard is easy to navigate and transparent – so I can go to the offending website myself and initiate removal actions there.

Incogni is also particularly good at sniffing out some of the sleazy tactics of the people broker websites. For example, they’ll copy all your PII but change only the address, which technically creates a new record that isn’t subject to the criteria one is specifying for removal. Incogni notifies you when that happens.

We have been getting a lot more executive cleaner work this year mostly because of the elections but we don’t do the data broker thing as it’s pretty much a scam. We map the cyberphysical attack surface, clean up as much as we can, and work with their legal and PR team to sow disinfo for the rest.

I have seen an uptick in interest. I had an RFI sent to me about a week before the UHC incident.

Yes, personally.
Optery. They have free guides for removal on all sites, or you pay them to automatically do it for you.

I don’t think this topic is relevant for cybersecurity.

I’m pretty sure that the ceo killer dude would’ve been smart enough to find almost anyone he wanted to and without buying from data brokers… you can’t really have a fully private secret life if you are in such a position at a large company…

just to prove the point, I just asked chatgpt when and where the CEOs of HP, Intel, Tencent, Nvidia and Bytedance will have their next public events, it was able to give me the info for HP and Nvidia:

Enrique Lores, CEO of HP Inc., is set to appear at HP Imagine 2024 on December 19, 2024. This event will focus on unveiling new innovations related to AI and transformative workplace technologies. The event will be streamed online, showcasing HP’s forward-looking developments.

NVIDIA CEO Jensen Huang’s next public event will be his keynote speech at CES 2025. It is scheduled for Monday, January 6, 2025, at 6:30 PM PT, held at the Mandalay Bay Michelob ULTRA Arena in Las Vegas, Nevada. This keynote is part of the CES 2025 event, which runs from January 7–10, showcasing the latest advancements in technology, including innovations from NVIDIA

(i didn’t check if that was correct, but I’m pretty sure you can get some correct info as easy as this.)

at the same time, I’m also pretty sure dumb people wouldn’t even bother with data brokers and just wait in front of the main building everyday for a week if they wanted to get the CEO of some company…

so, to answer your question: no. i think most databrokers are a scam.

I don’t bother. My job doesn’t involve me intentionally making decisions that effectively murder countless people every year, so I feel pretty safe.

Those services aren’t as big in Canada. I’ve never done the research but wondering why.

Are companies like Incogni efficient in Europe? Laws are stricter here (e.g. GDPR) and I suspect they mostly target the North American market.

If you are a high net worth individual or a High-value individual (e.g. C-suite or head of IT) you need to be more careful with your physical security and digital footprint. Remember the $230M+ in Bitcoin that was stolen from a single person? Was it some random luck or did they know the guy had all that money? According to court documents, they targeted the victim because they identified him as a high-net-worth investor from the early days of cryptocurrency. Their scam required them to know everything about the victim: full legal names, emails, phone number, home address, SSN… to improve the success of their social engineering attack.

You don’t need to be a C-suite to have a reason to clean up your PII from the surface web. Anyone can become a victim of doxing, online harassment, ID theft or social engineering. Reducing your digital footprint is a great way to minimize the risks. You can use DIY guides [1] [2] or have a paid service do it for you.

Disclosure: I work at Privacy Bee: a data removal service for protecting users from data broker exploitation

I’d pay to see them all thrown into the ocean.
Just playing watchdogs just playing
But seriously, are we throwing data brokers in the ocean? Asking for a friend