Personal Information Exposure Online Puts Correctional Officers at Risk
Here's What to do About it
Rob Shavell
Ask a correctional officer to rank on-the-job risks, and personal information exposure online would be unlikely to make the top 10.
This is unfortunate. Correctional officers and other law enforcement officials don’t always think about their online identity, but inmates and their associates, as well as cybercriminals and fraudsters looking to commit identity theft or attack public institutions with ransomware, certainly do.
To reduce the likelihood that their personal information will turn them into a target, correctional officers need to understand a) where individuals and groups find their data online, b) who’s targeting them with that PII, and c) what steps to take to reduce the likelihood of their data being exposed and used against them.
Where Officers’ Personal Information Can Be Found Online
Finding officers’ personal details online can be surprisingly easy.
The obvious offenders, like officers’ own social media accounts, are, of course, a popular source of data. However, even if you close down these accounts or make them more private, that won’t isolate you from personal information threats.
The reason why is data brokers. Data brokers are companies that collect your information from various sources, like social media and public records, compile this data into profiles, and then sell these profiles to anyone who wants them for as little as $0.99 (in some cases, they’re even free).
Data broker profiles are comprehensive, commonly including data like contact details, home addresses, family information, and more. But the data that’s available through them is also constantly growing.
Between 2019 and 2022, the volume of personal information findable about individuals through a simple Google search tripled. The average person now has more than 500 pieces of personally relevant data about them spread across dozens of data broker sites (DeleteMe, 2022).
Who’s Using PII to Target Correctional Officers
The people buying correctional officers’ personal information from data brokers mostly do so for legitimate, if invasive, reasons. Customers ranging from advertisers to social media sites and even the government buy packages containing personal information to target advertisements or understand certain demographics.
For example, a marketing agency might buy a package of information titled “public sector workers in Dallas, Texas,” to try and sell individuals, including correctional officers, a targeted loan offer. The results of these kinds of data sales can be intrusive (spam calls and ads) but are mostly relatively harmless.
Unfortunately, advertisers and marketers are not the only ones searching data brokers for correctional officer data. Correctional officer information is particularly attractive for three kinds of threat actors.
Cybercriminal Gangs Targeting Public Sector Institutions
The public sector as a whole is grappling with a wave of cybercrime. Attacks against public sector institutions are up 40% in the second quarter of 2023 (BlackBerry, 2023) compared to the start of the year. Some of this crime is profit-driven, but with global political tensions rising, culprits also include ransomware gangs based in belligerent states like Russia and China, who want to cause as much disruption as possible.
We know from leaked cybercriminal chat logs that these groups are using data broker databases to find information to personalize phishing emails and hack credentials (Hill, 2023). Most data brokers say they vet their customers, but the reality is that vetting tends to be lax. With many brokers, all someone needs to get their hands on correctional officers’ personal data is a credit card.
Many data brokers themselves have also been breached in the past, while others have accidentally left their servers open to the internet (Sherman, 2022). When Apollo, a data broker, was hacked in 2018, nine billion data points were exposed.
Fraudsters and Identity Scammers
Personal information exposure is a proven precursor to identity theft. About a third of Americans have experienced identity theft attempts in their lives (National Council of Identity Theft Protection, 2023).
Identity thieves are often opportunistic individual criminals, but identity theft is also a massive and growing online industry. In 2013, the Secret Service arrested a man who was running an identity theft service from Vietnam that gave criminals access to data belonging to more than 200 million Americans. Much of the information the criminal sold had been initially purchased directly from data brokers under an alias.
People Who Want to Threaten Officers
Correctional officers have always faced the threat that criminals will attempt to blackmail them or their families if highly sensitive personal information (like home addresses, children’s details, phone numbers, emails, etc.) becomes known.
Today, however, easy-to-access personal information combined with the growing risk of politically motivated targeting has supercharged this risk. We saw an example of this risk become real in 2020 when the “BlueLeaks” archive exposed the personal data of 700,000 law enforcement officers.
On an individual level, anyone can use a correctional officer’s personal information to harm them in a range of ways, from opening false accounts in order to damage their credit score to falsely reporting them as a violent criminal and calling a swat team to their location (a practice known as “swatting.”)
How to Reduce Correctional Officers’ Digital Footprint
There are several steps correctional officers can take to improve their online privacy. These include:
Doxxing Yourself
If someone were to Google you, what results would come up? From revealing social media posts to forum comments and news mentions, doxxing yourself can give you a better idea of how easy it would be for an attacker to expose your life.
While you can easily edit/delete information that appears on sites you control (social media, blogs, etc.), for personal data that lives on third-party sites, you’ll need to contact the site owner directly.
You can also request Google’s help. However, although Google lets users remove information like home addresses, phone numbers, email addresses, and private documents from appearing on its search engine, it’s important to note that the data will still live on the site it was originally posted on.
Separating Your Professional Life from Your Personal Life
This includes not linking personal social media accounts to professional ones and using separate usernames or even names to keep the two aspects of your life distinct.
Doing so will make it harder for someone (including data brokers who scrape your social media account) who has found your LinkedIn account to also discover your Facebook, X (formerly Twitter), or TikTok, for example.
Some data brokers have a username lookup function, which lets others find out more information about a person behind a particular username.
Opting Out of Data Brokers
Officers can manually opt out of data broker databases. However, this is a time-consuming task (every data broker has a different opt-out process) and one that needs to be done continually. The reason why is that data brokers periodically recrawl the web and relist your personal data.
It is possible to subscribe to a data broker removal service to have your personal information removed from these sites on your behalf. We’ve seen a growing number of police advocacy groups enrolling in our data protection programs in the recent past.
Applying To Address Confidentiality Programs (If Applicable)
Depending on your particular circumstances, like if you’re a victim of stalking, you may be able to apply to your state’s Address Confidentiality Program (ACP).
In some states, like Idaho, just being a law enforcement officer entitles you to keep your home address confidential with public entities like voter registration, the Department of Motor Vehicles, etc.
Refraining From Giving Out Personal Information Unnecessarily
Don’t share your full name, address, and phone number unless you have to, and use a burner email address and phone number. A burner email and phone number will make it harder for someone to discover your real identity–and glean more information about you from data brokers and other online sources.
Keeping Correctional Officers Personal Data Locked Up
Even in a front-line role, removing your details from the internet can help shrink your digital footprint, reducing the likelihood that someone will be able to find and use your personal information against you.
___________________________________
Rob Shavell is CEO of DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).
References
DeleteMe (2022). 2023 PII Exposure Risk Report. Personal Data Privacy & its Important Impact on Business–DeleteMe (joindeleteme.com)
BlackBerry (2023, August). Global Threat Intelligence Report. https://www.blackberry.com/us/en/solutions/threat-intelligence/threat-report
Hill, J. (2023, September 12). ContiLeaks: Ransomware Gang Suffers Data Breach. Varonis. https://www.varonis.com/blog/contileaks
Sherman, J. (2022, September 2022). Data brokers and data breaches. Tech Policy at Sanford. https://techpolicy.sanford.duke.edu/blogroll/data-brokers-and-data-breaches/
National Council of Identity Theft Protection. (2023). 2023 Identity Theft Facts and Statistics. https://identitytheft.org/statistics/