While doxxing isn’t new, it continues to be a common tactic for retaliation, protest and sometimes just purely to cause trouble. From countless claims of doxxing by some of the biggest celebrities to executives and CEOs being targeted over political views or business decisions , doxxing remains a popular method for exposing those in the public realm (and even those who aren’t). It can be done quickly, easily and with significant ramifications.
The bottom line: Doxxing isn’t going to slow down. It’s ramping up, and your organization’s executives are at particularly high risk – and that can also harm your organization. However, with the right education and preparation, you can mitigate the risk.
A brief history of doxxing
For those unfamiliar with this phenomenon, doxxing (shorthand for “dropping documents”) is the act of releasing an individual’s private information to the public without that person’s consent. It sometimes involves sharing the address of an individual, the idea being to encourage others to harass the person at their home. Doxxing can not only complicate the victim’s life with unwanted emails, phone calls and more but can also put them in danger.
When used against a company, the consequences can be significant. The Sony case in 2014 is a well-known example. Hackers breached Sony’s computer systems and leaked vast amounts of sensitive data, including confidential emails, employee personal information, and unreleased films. The attack damage their reputation and their bottom line.
From celebrities to executives and even students, it seems like no one is immune. Today, executives, government officials and leaders of institutions are being targeted at a higher rate than before. One survey found that in 2023, there was a significant increase in doxxing and that 11 million Americans have been doxed to date.
Any perceived misstep regarding financial decisions, political affiliation or social justice stance can make an individual or organization a target. With multiple armed conflicts, social issues and a contentious presidential election underway, the stage is set for even more doxxing in 2024. In fact, doxxers will even go after someone who criticizes a popular musician.
Despite the disruption and potential harm that doxxing can cause, only three states explicitly make the practice illegal. Several other states have cyberbullying laws that may cover these actions. Some states are trying to proactively protect voters’ information, for instance, but they’re struggling. So far, there is no federal legislation that would make doxxing illegal.
Steps toward protection
There are some regulatory moves, such as in California, where a new proposed bill would let doxxing victims sue the perpetrators. But regulation moves slowly, and bad actors will always be a few paces ahead. What’s really needed is more steps toward preventing – or mitigating the risks of – doxxing in the first place.
Implementing basic cyber hygiene is essential. That includes not using the same, easy-to-guess password across multiple sites. Anyone using the internet, celebrity or not, can also be more stringent about the information they share online. For instance, it’s fine to post a picture of your car on social media, but blur out the license plate first. Learning how to manage privacy settings for social media accounts is equally important and you should regularly review and adjust them.
Other things that can be done to help reduce the risk of being doxxed, whether for yourself or for the executives you work with, include:
- Enabling two-factor authentication.
- Monitoring online presence: This can be done regularly through simple Google searches to see what information is out there about you or your executive that’s easily found.
- Educate yourself about data brokers: Read up on what the data broker industry is doing today and how they’re using information. Ask questions of the companies you provide your information to.
- Be skeptical of unsolicited requests: Don’t blindly trust that email asking you for your sensitive information.
- Monitor credit reports.
- Regularly audit third-party apps.
- Separate personal and professional identities
By combining these practices, users can enhance their online security and reduce the risk of falling victim to doxxing. While there is no foolproof method, taking proactive steps to protect personal information can significantly mitigate doxxing’s potential impact.
What if doxxing happens anyway?
Whether it’s you or the executive you work for, there are several things you can do to help mitigate the damage if a doxxing incident occurs. These include:
- Remove personal information from online platforms.
- Document instances of doxxing with screenshots.
- Report the incidents to the platforms involved (i.e. where the information was leaked to.)
- Change passwords and enable two-factor authentication if you haven’t already.
- Notify law enforcement if threats or illegal activities are involved.
- Inform friends and family, cautioning them against sharing more information: In many cases, especially if you’re an executive of a company, you should also notify your company’s IT security team.
- Seek support from mental health professionals if needed: This can be a scary time, but you don’t have to suffer alone, in silence.
- Opt out of data broker websites to limit personal information availability.
- Regularly review and monitor your online presence.
- Consult legal professionals to explore potential legal actions.
- Secure physical locations if there are concerns about safety.
Mitigating the new reality
The phrase “Haters gonna hate” takes on a whole new level of negative potential when doxxing is involved. In today’s highly polarized and offendable culture, anyone can suddenly become a target – including your organization. It’s easier than ever to track down a person’s or company’s sensitive information and share it with the world. As the Sony incident demonstrates, doxxing can cause embarrassment, business disruption, financial loss and regulatory probes.
As legislation lags, it’s critical to train all employees in basic cyber hygiene and to have a plan in place to swiftly address a doxxing incident if one occurs. This will help mitigate damage and enable you to continue with business as usual.
