| Firmographics | Digital Risk Exposure |
| Industry: Insurance Size: 3,000+ Executives Enrolled: 12 Employees Enrolled: 0 | VanishID discovered 702 breaches and 29 cleartext credentials in the span of 3 months. VanishID removed 47,960 pieces of exposed PII in 9 months. |
Executive Summary
A leading insurance company partnered with VanishID to address a critical cybersecurity vulnerability: the massive exposure of personal identifiable information (PII) of their executives and employees.
This exposed personal data was fueling social engineering attacks, online harassment, and physical threats against executives and their families. The company chose VanishID for its managed service approach and speed to deployment. Within weeks, protection was in place and each executive had received a personalized Privacy Briefing—ensuring leadership understood both their exposure and their protection.
Within three months, VanishID removed over 17,706 pieces of exposed PII and reduced digital risk across enrolled users by 35%. This dramatic reduction in the company’s human attack surface has significantly strengthened their overall security posture against data-driven threats.
The Challenge: A Visible Digital Footprint
As a prominent player in the insurance sector, the company faced unique security challenges. A wave of of publicized harassment incidents targeting corporate executives prompted leadership to act. The insurance industry presents unique exposure: decisions on claims can leave customers angry, and that frustration increasingly manifests as targeted harassment and threats against decision-makers. Initial scans revealed alarming exposure levels:
- A total of 47,960 pieces of PII was removed in a 9 month span across enrolled users, which included 12 executives.
- The largest category of removed exposed PII was family, with 14,095 pieces of information. 7,722 pieces of exposed PII relating to contact information were removed.
- 2,033 breaches and 86 cleartext credentials were discovered across enrolled users in nine months.
This extensive digital exposure created a perfect environment for sophisticated social engineering attacks, with personal data readily available to craft convincing phishing attempts, impersonation scams, and targeted attacks against key decision-makers.
The Solution: Continuous PII Removal
VanishID implemented its automated solution, requiring minimal effort from the insurance company’s security team. The implementation included:
- Enterprise-Wide Protection: Enrolling 12 executives and 6 family members in VanishID’s continuous PII removal service
- User Reconciliation: Coordinating with the healthcare company to update enrolled user lists and establish ongoing provisioning and de-provisioning processes
- Executive Family Focus: Launching a focused effort to increase family member enrollment, recognizing that executives’ family members often represent an overlooked vulnerability
- Continuous Monitoring and Removal: Deploying automated scanning and removal technology to identify and eliminate PII from data broker sites continuously
The simplicity of implementation was a key advantage—VanishID required only employee names and work emails to begin the protection process, with initial results appearing within 24-48 hours.
Powerful Results: Measurable Risk Reduction
The impact of VanishID’s protection was substantial and measurable:
Protection Results:
- 35% reduction in overall digital risk
- 47,960 pieces of PII removed
- 2,033 breaches discovered
- 86 cleartext credentials discovered
Removal of numerous exposed profiles:
- 14,000+ pieces of family PII
- 9,400+ pieces of network PII
- 7,700+ pieces of contact information
- 8,100+ pieces of background PII
Initial Digital Risk Scores
Current Digital Risk Scores
Understanding Risk Measurement and Mitigation
In the charts above, every dot is an employee. The X axis shows the target’s overall value, and the Y axis shows the target’s accessibility.
Access: The Access score measures how accessible a person appears to threat actors outside your perimeter. Scoring includes overall vitals, biographics, openness, and activity metrics.
Higher Access scores = relatively easier for attackers to research, approach, and communicate with.
Value: The Value score measures how attractive a target appears from an attacker’s perspective. Scoring includes overall security, privileges, network, and exposure.
High Value scores = most worthwhile for attackers to target, directly or through impersonation.
Beyond Technical Protection: Business Impact
The implementation of VanishID’s solution delivered several key business benefits:
- Reduced Social Engineering Success Rates: By removing the personal information that fuels targeted attacks, the company experienced fewer successful social engineering attempts.
- Enhanced Security Posture: The dramatic reduction in exposed PII strengthened the company’s overall defense against human-targeted attacks.
- Operational Efficiency: Instead of dedicating internal resources to remove personal information manually, the automated solution handled this task continuously.
- Family Protection: The expanded protection to executive family members closed a vulnerability gap. Family members are targeted as indirect entry points.
Looking Forward: Building on Success
The program’s success has driven rapid expansion. VanishID protection now extends beyond the initial executive group to additional leadership tiers, with new executives automatically enrolled during onboarding. Feedback has been overwhelmingly positive: executives valued the eye-opening Privacy Briefings, and the security team appreciated the hands-off managed service approach. The company is now working to integrate VanishID’s exposed credential intelligence with internal systems, automatically blocking compromised passwords.
