DeleteMe Service Helps Individuals Remove Exposed Personal Information from Data Brokers
What Happened — A ZDNet review details a hands‑on test of DeleteMe, a subscription‑based service that scans the public web for personal data exposed by breaches or sold by data‑brokerage firms and attempts to have it removed. The author, whose information had appeared in multiple breaches, confirms that DeleteMe can delete many records but some data remains inaccessible.
Why It Matters for TPRM —
- Personal‑data exposure of employees or executives can be leveraged for credential‑stuffing or social‑engineering attacks against your organization.
- Reliance on third‑party data‑removal services introduces supply‑chain risk; you must verify their processes, data‑handling policies, and success rates.
- Ongoing monitoring can surface new exposures that may affect compliance (e.g., GDPR, CCPA) and incident‑response planning.
Who Is Affected — Consumers, employees, and executives whose personal data appears on data‑broker sites; enterprises that must protect the personal information of their workforce and customers.
Recommended Actions —
- Assess whether any of your organization’s personnel are subscribed to data‑removal services and evaluate the vendor’s security posture.
- Incorporate data‑broker monitoring into your third‑party risk program to detect new exposures early.
- Update incident‑response playbooks to include steps for coordinating with data‑removal providers when personal data is compromised.
Technical Notes — DeleteMe uses automated web crawlers to locate personal identifiers (email, phone, address) on publicly accessible pages and then files takedown requests with data brokers. Success varies by broker policy; some data cannot be removed due to legal exemptions. No specific CVEs or malware are involved. Source: ZDNet Review of DeleteMe