Nationally Known Nonprofit Defends Staff and High-profile Volunteers Against Personal Threats

Defending American rights, this nonprofit organization is no stranger to going against the grain.
But as politics have become more polarized, charged issues often make its staff and volunteers
targets for threat actors.

For the information security team, personal threats against individuals and the organization made it increasingly important to prevent staff and volunteer personally identifiable information (PII), including their personal phone numbers and home addresses, from falling into the wrong hands. This information was becoming frighteningly easy for threat actors to find online—often through little more than a Google search query.

To mitigate the operational security risks created by PII exposure and protect the people behind its
mission from personal threats, the nonprofit needed a way of finding and stopping PII from appearing online. With millions of supporters, the nonprofit also needed a way of doing so at scale and without placing an extra burden on individuals.

The Solution

The nonprofit’s security team understood that they couldn’t rely on training alone to mitigate
threats such as harassment and social engineering campaigns.

They knew that data brokers constantly collect and distribute publicly available PII from their
staff and volunteers without their permission. While individuals could attempt to remove their
information themselves, it would just reappear online unless they did so repeatedly.

To fight back, the nonprofit needed to give its supporters and employees access to a proactive and
trustworthy PII search and removal service that takes data offline automatically. The nonprofit
chose DeleteMe. With over 12 years of experience helping NGOs, charities, and nonprofit organizations protect staff PII, DeleteMe was able to provide this nonprofit staff with a bi-monthly automated PII search and removal service that covered various online sources of PII exposure. Volunteers were also given access to the same service at a heavily discounted rate, subsidized by the nonprofit.

Results

Soon after deployment, PII removal became a core security tool for the nonprofit and a benefit
for the organization’s staff. The staff felt supported and valued because their leadership took their privacy and security concerns seriously. Through monthly removal reports, DeleteMe delivered a measurable privacy improvement for covered individuals.

Staff and volunteers could see how each month, DeleteMe found and removed more of their
information from the web, making it harder for threat actors to find where they live, what their
family situation is, or how to contact them.