Table of Contents
| Firmographics | Digital Risk Exposure |
| Industry: Energy & Utilities Executives Enrolled: 58 Employees Enrolled: 2,598 | Executives: More than 75,000 exposed PII More than 2,100 data breaches Employees: More than 1.42M exposed PII More than 36,000 data breaches |
Executive Summary
A leading energy & utilities company with approximately 5,000 employees partnered with VanishID to address a critical cybersecurity vulnerability: the massive exposure of personal identifiable information (PII) of their executives and employees.
This exposed personal data was fueling social engineering attacks, online harassment, and physical threats against executives and their families, after a series of extended outages impacted service operations.
Within just three months, VanishID removed over 1.5 million pieces of exposed PII, reduced executive digital risk by 45%, and decreased the accessibility of sensitive information by 58%. This dramatic reduction in the company’s human attack surface has significantly strengthened their overall security posture against datadriven threats.
The Challenge: A Visible Digital Footprint
As a prominent player in the critical energy infrastructure sector, the company faced unique security challenges. Their executives and key employees, who have access to sensitive operations and information, were particularly vulnerable due to their extensive digital footprints.
Initial scans revealed alarming exposure levels:
▪ The executive team had over 75,000 pieces of personal information exposed online
▪ The broader employee base had a staggering 1.42 million pieces of PII available on data broker sites
▪ Company executives were involved in over 2,100 data breaches containing 135 unique exposed cleartext credentials
▪ Employees were implicated in more than 36,000 data breaches, containing 2,908 unique exposed cleartext credentials
This extensive digital exposure created a perfect environment for sophisticated social engineering attacks, with personal data readily available to craft convincing phishing attempts, impersonation scams, and targeted attacks against key decision-makers.
The Solution: Continuous PII Removal
VanishID implemented its automated solution, requiring minimal effort from the energy company’s security team. The implementation included:
1. Enterprise-Wide Protection: Enrolling 58 executives and 2,598 employees in VanishID’s continuous PII removal service
2. User Reconciliation: Coordinating with the energy company to update enrolled user lists and establish ongoing provisioning and de-provisioning processes
3. Executive Family Focus: Launching a focused effort to increase family member enrollment, recognizing that executives’ family members often represent an overlooked vulnerability
4. Continuous Monitoring and Removal: Deploying automated scanning and removal technology to identify and eliminate PII from data broker sites continuously
The simplicity of implementation was a key advantage— VanishID required only employee names and work emails to begin the protection process, with initial results appearing within 24-48 hours.
Powerful Results: Measurable Risk Reduction
The impact of VanishID’s protection was substantial and measurable:
Executive Protection Outcomes:
- 45% reduction in overall digital risk
- 58% decrease in PII accessibility
- 86,300 pieces of PII removed
- 135 unique exposed cleartext credentials were automatically blocked from reuse
Employee Protection Results:
- 33% reduction in overall digital risk
- 39% decrease in PII accessibility
- 1,682,848 pieces of PII removed
- 2,908 unique exposed cleartext credentials were automatically blocked from reuse
Initial Digital Risk Scores
Current Digital Risk Scores
Understanding Risk Measurement and Mitigation
In the charts above, every dot is an employee. The X axis shows the target’s overall value, and the Y axis shows the target’s accessibility.
Access: The Access score measures how accessible a person appears to threat actors outside your perimeter. Scoring includes overall vitals, biographics, openness, and activity metrics.
Higher Access scores = relatively easier for attackers to research, approach, and communicate with.
Value: The Value score measures how attractive a target appears from an attacker’s perspective. Scoring includes overall security, privileges, network, and exposure.
High Value scores = most worthwhile for attackers to target, directly or through impersonation.
Beyond Technical Protection: Business Impact
The implementation of VanishID’s solution delivered several key business benefits:
1. Reduced Social Engineering Success Rates: By removing the personal information that fuels targeted attacks, the company experienced fewer successful social engineering attempts against key decisionmakers.
2. Enhanced Security Posture: The dramatic reduction in exposed PII strengthened the company’s overall defense against human-targeted attacks—often the starting point for more severe security breaches.
3. Operational Efficiency: Instead of dedicating internal resources to monitor and remove personal information manually, the automated solution handled this complex task continuously, allowing the security team to focus on other priorities.
4. Family Protection: The expanded protection to executive family members closed a significant vulnerability gap, as family members are often targeted as indirect entry
Looking Forward: Building on Success
With the initial implementation showing such strong results, the energy company is now expanding VanishID coverage to include additional family members of high-value targets.
As new executives join the organization, they’re automatically enrolled in the protection program as part of the standard onboarding process.
The Energy & Utilities company agreed to share this success story, which has been anonymized for security reasons.
