Data brokers make more than 93% of U.S. Chief Executives’ home addresses visible
Washington, DC – March 5, 2025 – Digital executive protection leader Picnic today released a summary report, “Digital Privacy Snapshot: Leadership at Risk,” revealing that U.S. chief executives’ data privacy is alarmingly compromised across several key dimensions. Research by Picnic found the publicly exposed digital footprints of over 10,000 C-level executives across 65 industries and determined that nearly 100% have had information exposed in a data breach, with an average of 43 data breaches or compilations per executive. 94% of C-Suite members have had cleartext credentials (CTC) exposed, often in the form of unencrypted passwords, with an average of 4.3 exposed CTCs per executive. While prior corporate breaches sometimes contribute to these exposures, 84% of exposed chief executive passwords arise from breaches of personal accounts.
The potential impact of these breaches isn’t limited to the circulation of usernames and passwords – the research also found exposed digital footprints that can lead directly to executives’ front doors. Over 93% of C-Suite members have a current or former home address visible via data brokers, with an average of 11 data broker profiles per executive.
The C-Suite roles with the most data exposures were:
- Chief Technology Officers (CTOs) have fallen victim to the most breaches and have more exposed CTCs than any other C-level role.
- Chief Revenue Officers’ (CROs) contact information is the most often exposed, making them vulnerable to social engineering attacks and identity theft.
- General Counsels (GCs) have the most data broker profiles due to regulatory transparency, exposing them to increased risk.
- Chief Marketing Officers (CMOs) were most likely to have exposed CTCs from corporate breaches, making them susceptible to credential theft and business email compromise.
The industries whose C-Suites have the most data exposures were:
- Healthcare: Healthcare CEOs have the most personal data exposure, and other healthcare C-level roles lead all industries with exposed personal phone numbers.
- Software: C-level executives in the computer software industry experience the most personal and total breaches.
- Higher Education: Higher Education executives lead in corporate breaches and trail only the software industry in overall breaches and exposed CTCs.
- Government: Government entities have the most data broker profiles, raising concerns about potential misuse of this information.
Picnic’s human risk intelligence emphasizes the urgent need for organizations to adopt comprehensive security strategies that include monitoring digital footprints, mitigating PII leaks, employing specialized protection platforms, and providing training and education to executives. By taking these steps, organizations can significantly reduce their exposure to digital threats and protect both their leadership and their overall stability.
Picnic also released a video of a special live demonstration in which ethical hacker Rachel Tobac illustrates the ease with which publicly available information can be weaponized to target high-profile individuals. Even an expert like Robert M. Lee, CEO of Dragos, the global leader in cybersecurity for operational technology environments, can be a feasible target. Tobac leveraged open-source intelligence (OSINT) to gather data and execute a series of social engineering attacks, including caller ID spoofing, voice cloning, and deepfake Zoom impersonation. The exercise, captured live on video, underlines the urgent need to raise awareness among executives to proactively manage their digital footprints and mitigate the risk of such attacks.
Video link: https://vimeo.com/1062123260/c73b00d5c6
“IT and security leaders are reacting to current events and prioritizing executive digital security, and they know this now means doing more than defending networks and systems – it means continually neutralizing exposed personal information on the public web and breached credentials on the dark web,” said Picnic CEO Matt Polak. “Executive exposure across all sectors and titles demands immediate remediation, to ensure both the security of enterprises and the physical safety of their leaders. We hope this view into Picnic’s human risk intelligence serves as a catalyst for change and encourages organizations to implement proactive measures to protect chief executives.”
About Picnic:
Picnic Corporation is at the forefront of cybersecurity and privacy innovation, empowering protection of enterprises and their executives with turnkey protections offered as a managed service. Picnic’s technology continuously neutralizes public data exposure for organizations and their employees. By continuously monitoring and reducing exposure to open-source intelligence (OSINT), Picnic enables a proactive defense mechanism that extends beyond the corporate perimeter, safeguarding business continuity and organizational integrity.
Picnic Media Contact:
Brianna Bruinsma
Firebrand Communications