All Posts

Doxxing & Politics: What Corporate Security Teams & Executives Should Know to Protect Themselves

Articles
March 4, 2025

Political tensions across the United States remain high in the wake of a contentious election cycle and ongoing international conflicts. Acts of violence and online harassment motivated by socio-political issues continue, showing no sign of abatement. Taking proactive measures to protect executives and enterprises alike is critical in managing the threat and the damage caused by bad actors.

One widespread type of attack that has often been employed by politically motivated threat actors is doxxing: the intentional public disclosure of personal information. The purpose of doxxing is usually to harass, shame, or incite violence against an individual and/or companies associated with them. Corporate security leaders should understand  doxxing dynamics, tactics, and risks to better protect against these types of attacks. 

Doxxing as an Activist Tool

The term “doxxing” dates back to the early 1990s, when the internet was just beginning to gain momentum. Hackers would “drop dox” on individuals or organizations they sought to harm, posting their personal documents (hence, their “docs” or “dox”) and information online.

Political controversy has always been a common motivation for many doxxers, such as through the circulation of lists of known neo-Nazis online, or the so-called “Nuremberg Files,” a web page listing the addresses of known abortion providers. 

Today, doxxing continues to be widely employed as a tool of political activism.

One 2021 study by SafeHome suggested as many as 11 million American adults had personally been victims of doxxing. Additionally, another 2021 study by the Pew Research Center indicated that as many as 20% of all American adults have experienced some kind of online harassment due to their political views.

The spread of doxxing has been further exacerbated by online users’ ability to rapidly share content without verification or context. For example, photos and videos of protests have frequently been shared as a way to “out” participants of political movements, but has also led to the misidentification of people.

In one instance, a professor at the University of Arkansas was mistakenly identified as a participant of the 2017 “Unite the Right” riot in Charlottesville, VA. The photo of an individual alleged to be the professor was re-posted by over 11,000 people on X. This led to the doxxing of his home address, and the University of Arkansas receiving numerous calls for his removal. 

High profile individuals - such as public figures, C-Suite executives and members of politically-controversial organizations - are often under heavy scrutiny for their political stances, which increases their risk of being doxxed.

This is especially the case if they choose to make donations to political candidates or committees. Political contributions are public record and are accessible through the websites of various government organizations, like the FEC and state election boards. The records reveal Personally Identifiable Information (PII), including names, recipients, donation amounts, and provided addresses of each donor. Large donations are more likely to draw attention from both news media and the general public, further increasing risk.

The Consequences

The consequences of doxxing are multifaceted and can impact the person individually as well as the corporate enterprise they represent.

Once someone's private information has been doxxed online, it is available to the public, worldwide. The worst case scenario is that it leads to physical violence against the victim. However, there are also other forms of harassment that can be facilitated by doxxing, such as death threats, identity theft, and targeting a victim’s workplace and family. 

Financial Loss
  • If a person’s sensitive personal data–such as their banking information, passwords or personal addresses–are released online as a form of doxxing, then threat actors may leverage them to conduct various types of financial crimes.
    • Examples include making purchases or opening a credit card in the person’s name, accessing bank accounts, or diverting incoming payments to an attacker’s own bank account.
  • Bad actors could use an executive’s personal data to gain access to their corporate accounts and proprietary systems. Companies affected by doxxing may have to divert valuable resources in order to address data leaks or disruptions to business operations, and regain the trust of customers who were affected. 

Reputational Harm
  • Although a case like that of the professor at the University of Arkansas was settled relatively easily, not everyone is so lucky. As reported by NPR, the doxxing of the identity of a Brooklyn woman who took down a pro-Israel poster in 2024 led to her and her parents’ personal information being widely circulated online, the loss of her job, and a significant mental health toll from the harassment she suffered.
     
  • An organization’s name can be tarnished if negative information about one of its members is doxxed, regardless of whether the information is true. Again drawing from the case of the University of Arkansas professor, the university’s reputation was put on the line as some believed the school had the responsibility to fire a reputed neo-Nazi.

Physical Violence 
  • Doxxed information can be used by threat actors planning a physical attack. The target’s address, photos, daily routine, and close associates can all be used to increase the specificity and severity of harm. The information can also be used to make general calls for violence against an individual on social media and fringe discussion forums.
    • In one example, an executive at Dominion Voting Systems was forced into hiding after individuals, who believed that Dominion manipulated the results of the 2020 US Elections, published his phone number and home address, and posted a $1 million bounty for his life.
  • Bad actors may attempt to harm the individual at their workplace, or may see an executive’s personal political activities as a representation of the company’s views and therefore violently target the corporate office. 

Mental Health

How To Protect Yourself

There are proactive steps that both individuals and organizations can take to reduce their risk of doxxing.

Steps for Individuals
  1. Research yourself to understand your online exposure.
    Check if your personal information has been published online through legitimate sources (such as public records) or through doxxing, and how easy it is to find it. Conduct a quick web-search on your own name and using online data broker websites like WhitePages or TruePeopleSearch (you can request for results in these to be expunged). Also consider what information is publicly available about you in property records, social media, donation records, online biographies, and other publicly-accessible databases. 
  1. Never post sensitive personal information on the Internet.
    Sensitive personal data like home addresses, full name, personal emails, and phone numbers should not be publicly posted online. Also avoid consistently sharing minor details, like photos of your home, daily activities, and friends. Although isolated instances of that data may not seem harmful, it can be used to piece together a full picture of your life.

  1. Enhance your online privacy by altering visibility settings in social media accounts, and using online data encryption.
    Large social media platforms, like Instagram or Facebook, allow users to manually control who can see their profiles and posts. This is useful for avoiding being doxxed, as “private” accounts are only visible to the user and a list of people they allow to.
    • It is important to periodically review the current privacy status of your account, as it may have been reset by changes in a platform’s terms of service. If you are concerned about more sophisticated doxxing campaigns, such as those that can be carried out by experienced hackers, consider further protecting their online data by using VPN services or encrypted messaging apps.
  1. Have a plan to address personal data leaks.
    Having an actionable plan on how to avoid and recover from data leaks can mitigate the damage and allow a much faster response against threats leveraging doxxed information. These plans often involve a systematic review of vulnerabilities in your online activity and setting up contingencies based on the severity of the data disclosed.

Steps for Organizations
  1. Be judicious about what type of information is revealed for business reasons.
    Business entities often must disclose some information for business reasons, such as office addresses, employee names, or business contact emails. Companies can ensure they are not publicly releasing individual contact information or office locations for employees, which could be used to dox the employees. 

  1. Have a plan to address data leaks resulting from an employee’s doxxed information.
    If an employee is doxxed their information could be used to access their corporate accounts such as email, file sharing, and proprietary systems. The larger an organization’s employee and customer base, the larger a potential data leak's impact. Security teams need to respond quickly and effectively when an incident happens. Having a plan in place and corporate training is the best defense. 

  1. Encourage employees to follow privacy and operational security best practices.
    Every employee in a company is a digital microcosm, with various social media accounts, online connections, and Internet habits. Each has their own set of online vulnerabilities, which can be exploited by threat actors targeting either them or the organization.
    • Employers can counter this by openly discussing with employees the need for good cyber hygiene, clearly delineating a set of required operational security measures, as well as recommending that they enhance their online privacy by following best practices.


Due to the life safety risk, individuals or organizations that have already been doxxed should conduct a risk assessment and institute mitigation measures immediately.

It is critical to perform an assessment of the magnitude of the concerns and the potential impact for the individual or company. The potential consequences and the measures to mitigate them can vary widely, on a case-by-case basis.

In some instances, even small information leaks may enable existing physical threats against the individual, such as giving known violent actors the person's address. In other cases doxxing can be a nuisance concern, but not immediately dangerous. Law enforcement and specialized security providers can assess the seriousness of a situation, create a plan of mitigation, and work to a successful resolution.

Wagner Horta
Download Resource

Subscribe for Cutting-Edge Security Insights!

Get the latest news, expert insights, and exclusive updates right in your inbox.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Personal Security While Traveling in 2021 & Beyond

Personal security while traveling is not always as clear cut as you might think. These 8 tips can keep privacy and data safe away from home.
August 5, 2021

Five Common Cryptocurrency Scams and How to Avoid Them

Crypto currency scams, are on the rise. Learn what they and how to identify them.
February 27, 2023

How Password Managers Work and How To Start Using One

How password managers work is contingent on the tool and the users. In this blog, learn tips to get started with one.
June 28, 2022
View ALl Posts

Let's discuss your security.

Partner with Red5 for unmatched intelligence and analysis expertise tailored to your needs.

Schedule a Consultation