Personal Data Sold Legally Fuels Cybercrime Wave
Security leaders express grave concern, with a significant majority believing their employees’ personal information is widely exposed online. This vulnerability is increasingly exploited by hackers, posing a substantial financial threat to companies.
New analysis indicates that the primary intelligence source for cybercriminals has shifted away from the dark web towards legitimate data broking websites. These platforms legally collect and sell vast amounts of public data to various businesses. Hackers are effectively weaponizing this readily available information through social engineering tactics, impersonating employees to infiltrate workplaces and launch devastating ransomware attacks.
High-Profile Attacks Underscore the Threat
This method was demonstrably used in a major attack on Jaguar Land Rover last year, which resulted in billions being deducted from the British automaker’s annual turnover. Similarly, the retail giant Marks and Spencer experienced a breach where access was gained by impersonating an employee, as admitted by the company’s leadership.
A concerning trend was highlighted in 2025 when US airlines faced similar attacks. The FBI issued a national security alert, warning that hackers were leveraging employee identities to deceive IT support desks, jeopardizing the entire country’s aviation infrastructure. Previous high-profile incidents, including disruptions at Las Vegas establishments like MGM and Caesars Palace, also bear witness to this escalating threat.
Survey Reveals Widespread Data Exposure
A comprehensive survey conducted by Optery, encompassing over 420 cybersecurity leaders, revealed a startling reality: only a mere four percent of respondents are confident that their staff’s personal data, including home addresses, phone numbers, and family member names, is not easily accessible online.
The findings, presented in Optery’s 2026 Enterprise Social Engineering Survey Report, indicate that nearly all participants (96 percent) have observed an increase in social engineering attacks over the past year. More than half reported that these attacks are beginning to strain their defensive capabilities, with approximately three-quarters confirming they have been compromised as a direct result of such an assault.
Targeting Strategies and Data Sources
The report details that IT staff are the most frequent targets, accounting for 80 percent of attacks, followed by executives at 42 percent and help desk personnel at 33 percent. The report explicitly states, “Security leaders overwhelmingly report that attackers can easily obtain the information needed to target individuals, including home addresses, personal phone numbers and email addresses, breached credentials, and job roles.”
Data broker and people-searching websites, such as Whitepages and 192.com, are identified as the most significant conduits for this information, with approximately 98 percent of respondents rating them as the primary source for hackers. Social media and the dark web followed closely, cited by around 90 percent of participants.
A substantial majority, 77 percent, indicated that their employees’ personal data is “very or somewhat” exposed on these sites, with only a negligible 3.6 percent reporting no exposure.
Data Brokers: The New Frontline for Cyber Reconnaissance
Lawrence Gentilello, CEO and founder of Optery, commented on the evolving threat landscape. “In recent years there have been several documented examples of threat actors using commercial data brokers as part of their reconnaissance and targeting process against organisations,” he stated.
He further explained, “Leaked ransomware group communications, incident investigations, and government advisories all point to the same pattern: attackers are using commercially available data aggregation services to identify employees, map organisations, and gather the personal and professional information needed to carry out targeted attacks.”
Gentilello cited specific instances, noting how leaked Black Basta communications revealed members utilizing data brokers to identify targets and support social engineering efforts. Federal guidance on the Scattered Spider group also points to commercial intelligence tools as integral to their reconnaissance activities. In the 0ktapus campaign, which impacted over 130 organizations and led to the theft of nearly 10,000 credentials, Okta reported that attackers likely acquired mobile phone numbers from commercial data aggregation services that link phone numbers to employees at specific companies.
The CEO concluded, “Some cybercriminal groups purchase access to these sites directly while others resell it as a lookup service. Either way, data broker profiles supply a major source of intelligence that drives social engineering attacks.”
