This post has been modified to reflect new information since its original publication.
With over 120 data brokers (also called people search sites) operating in the US and most public records instantly accessible online, it’s easier than ever for someone to find another individual’s personal data, including his or her home address, email address, phone number, date of birth, relatives’ names, and more. As a result, anyone with a computer and a grudge against law enforcement can weaponize this data in a variety of ways.
Fortunately, there are things law enforcement professionals can do to keep their personal data secure. Read on for a description of the ways criminals can use your personal information against you and how you can avoid becoming a victim.
Because of the public nature of their job, law enforcement professionals are at risk of doxxing. Doxxing, which is short for “dropping documents,” is the act of finding and posting someone’s private information online with the goal of encouraging others to harass that person. While doxxers usually get their information from publicly available sources, they sometimes obtain it through more sinister methods, like phishing or hacking.
One of the more famous examples of doxxing is that of Walter Palmer, the Minnesota dentist who shot an African lion named Cecil in 2015. When the story appeared in a British newspaper, mobs of outraged individuals spread the news on social media. They published Palmer’s home and business addresses and phone numbers, as well as his business website, calling for people to avenge the lion. To protect himself, Palmer closed his practice for several days and went into hiding with his family.
There have also been several instances of doxxing happening to law enforcement professionals. In 2015, two Los Angeles Police Department officers had their names, home addresses, and details about their children’s schools posted on the Internet after a controversial police shooting on Skid Row.
Another disturbing case is that of Jon Belmar, the St. Louis County chief of police during the Ferguson riots. To coerce him into revealing the name of the officer who shot Michael Brown, hacker group Anonymous posted Belmar’s address and phone number, as well as the names of his wife and children, along with photographs of them.
More recently, a hacker group broke into three FBI-affiliated websites and published the personal records of 4,000 federal agents and police officers. Among the data the hackers exposed were names, job titles, government and personal email addresses, phone numbers and postal addresses.
Law enforcement officers can become the target of a stalker when someone they’ve arrested becomes obsessed with gaining revenge.
One example of someone stalking a law enforcement professional is William Young, who stalked a police officer for 20 years after the officer arrested him in 1999 for stalking and harassing a woman. Over the years, Young created several webpages promoting the idea that the officer was corrupt and a pedophile. He also sent letters (between three and 92 pages long) claiming the same thing to numerous recipients, including the officer’s family, neighbors, church and local business leaders, local government offices and council members, and local law enforcement agencies. In a 2010 interview, Young stated that he wanted the officer to lose his job and “eat his gun.”
In another case, a Minnesota man named Jeffrey Quinten McCray stalked the police officer who was investigating him for posting videos about killing people. After the investigation resulted in him getting charged for illegally possessing a handgun, he began sending the officer threatening text messages and angry voicemails. He also posted a two-hour video in which he berated the officer and threatened to harm her and her daughter.
According to the FBI, “Law enforcement personnel and public officials may be at an increased risk of cyber attacks. These attacks can be precipitated by someone … opening infected emails containing malicious attachments or links.” This practice of sending deceptive emails from what appear to be trusted sources to trick people into giving you their personal information is called phishing.
One of the most notorious phishing attacks happened in 2016, when John Podesta, Hillary Clinton’s campaign chair, clicked on an email that appeared to be from Google’s corporate offices. Instead, the email was from Russian hackers, and by clicking the link and entering his information, he gave the Russians access to his entire email account.
And law enforcement agencies are equally vulnerable. In 2016, for example, the Cockrell Hill Police Department, near Dallas, Texas, experienced a ransomware attack when an employee clicked a link in an email that looked like it came from another law enforcement agency. As a result, the agency lost many files, including video evidence.
The following is an example of a typical phishing email:
Law enforcement officers, like everyone else, need to worry about identity theft—the act of stealing someone’s personal identifying information (like his or her name, Social Security number, or bank account or credit card number) to commit various types of fraud.
Criminals use this stolen information to:
- Apply for credit
- Get government benefits
- Take over accounts
- File taxes
- Avoid criminal punishments
- Receive medical services
As of 2017, roughly 60% of Americans have experienced or had a close family member experience identity theft, according to research by the American Institute of CPAs (AICPA) and The Harris Poll. And the threat to law enforcement professionals and civilians alike keeps growing as each new data breaches expose vast amounts of personal data online.
In 2017, a record-breaking 1,579 data breaches revealed over 178 million records. The Equifax breach alone exposed the names, birth dates, Social Security numbers, addresses and driver’s license numbers of 147.9 million individuals.
Even more worrying is the fact that identity thieves are becoming more effective, according to Al Pascual, senior vice president of Javelin Strategy & Research: “In the past, criminals would get and sell bits and pieces of your personal information. Now they have everything—your name, address, Social Security number—and they’re taking over multiple accounts at a time.”
When people talk about online extortion, they are mostly talking about the crime of blackmail. And law enforcement professionals are targets for this type of crime due to the influence they have over lawbreakers’ lives. For example, a criminal could threaten to release a photo of a police officer cheating on his wife unless the officer stopped investigating him.
To help its officers avoid being victims of blackmail, Scotland’s national police force recently warned its officers to keep their personal information private online. “Be mindful that there’s a risk you could become a target, be knowingly primed for information, blackmailed or could leave yourself, family and friends vulnerable to personal threats.” And according to Police Scotland, these risks often come from defense lawyers, who “research social media sites and use personal information to question police officer’s credibility and reliability in court.”
Law enforcement professionals need to be aware of what kind of information their online presence gives away—and the possibility of this information making them vulnerable to burglary. According to security expert Ron LaPedis, “if you’re not careful, [your online activity] can broadcast your location to the world and reveal more information about you and your home than you’d want.”
One reason law enforcement professionals, in particular, should keep their home address hidden is that many of them have firearms in their homes, which makes their houses more attractive to thieves. As such, law enforcement officers should avoid posting any information, like their vacation plans, that reveals when they will be traveling. Sharing real-time vacation photos, for example, just tells burglars that it’s safe to break into your home.
Smart ways to keep your personal information secure
Here are some ways to maintain your privacy on the Internet:
- Use a non-identifying profile picture: If it can identify you, don’t post it. This includes pictures of your pet or your car. Even just using a picture of a police badge tells people what you do for a living and can make you a target. One good alternative is to use a photo of your neighbor’s pet as your profile picture.
- Pay attention to the information your friends and family share: Even seemingly harmless things, like sharing posts from a police spouse association, pictures of you walking your dog in the front of your house, a photo containing your award from work, or photos of your kids standing in front of their school sign, can give criminals important clues about your location and thereby put you and your family at risk.
- Never give out personal information: Only supply the bare minimum of information when filling out online (and offline) forms or filling out social media profiles. Criminals can easily use details like your birthday, your hometown, and the names of your siblings to answer password reset security questions.
- Tighten your privacy settings in your social media profiles: Limit who can see the things you post to a small circle of friends who you know in real life. And don’t accept friend requests from strangers.
- Search for your own name: Google your name and see what kind of information exists about you. Are you tagged in other people’s photos? Did you accidentally post revealing information? Are there articles that mention you? Once you know what’s out there, you can start the clean-up process.
- Use a P.O. Box as a mailing address whenever possible: To keep your street address from getting into the wrong hands, always provide a P.O. Box when filling out any kind of form. While you’ll need to give a street address for some public records, like voter registration forms, you can use a P.O. Box for most other situations.
- Opt-out of data broker sites: Check out the steps you’ll need to take in our article How to remove yourself from the top people-search sites. You can also use a service like ReputationDefender’s PrivacyPro to automate the process.
Take control of your online reputationSchedule a free consultation
Where to get help
If your employer offers online privacy coverage that removes your information from the Internet, you should take it. Otherwise, you can use one of ReputationDefender’s privacy products. Feel free to call us for a complimentary consultation about your online privacy and what you can do to protect it.
For more information about protecting yourself online, see these resources: