Whether it takes the form of phishing, smishing, vishing, password cracking, impersonation, identity fraud, Account Takeover (ATO), or Business Email Compromise (BEC), the weaponization of personal data remains at the root of most successful cyberattacks and fraud activity. Exposed PII also fuels physical threats including doxxing, harassment, and violence.

Reducing risk starts upstream, by removing current exposures, shrinking how much personal data is collected, shared, and circulated, and continues with strong account protections.

Here are some actionable steps you can take to reclaim control of your personal data and prevent its misuse:

Exposure Minimization

Reduce where your personal data exists and circulates

1. Remove your information from data broker sites

Data broker and people-search sites publish personal information for anyone to see, which makes it easy for bad actors to find and target someone. Removing this data minimizes exposure to phishing, voice and messaging scams, credential theft, identity fraud, doxxing, and physical targeting.

Optery allows individuals, families, and businesses to address personal data exposure comprehensively, finding and removing dozens more exposed profiles per person than any other service. Optery also provides before-and-after screenshots to show exactly what was found and removed.

Because the exploitation of employee personal data via social engineering remains the leading cause of breaches year after year, organizations should offer personal data removal for their employees to close security gaps. Doing so proactively protects against today’s increasingly sophisticated and evasive phishing varieties. Multiple threat actors have been documented using data broker sites to target organizations. Preventing these attacks requires addressing employee exposure on these sites.

2. Initiate a credit freeze

A credit freeze restricts access to your credit report and prevents new accounts from being opened in your name. It also limits certain types of prescreening and data sharing by credit bureaus, which are major sources of phone numbers and personal data in marketing ecosystems that ultimately fuel both spam and scams. Remember to freeze your children’s credit as well. A great resource for doing this is FrozenPii.com.

The Right to Be Forgotten: Deleting Your Online Data

Join us on Friday, January 30, 2026 at 1:00 PM EST for a webinar exploring what the Right to Be Forgotten means for you—and how to request the deletion of your personal data from data broker & people search sites, apps, and search engines.

Tracking & Behavioral Data Reduction

Prevent continuous re-entry into data collection pipelines

3. Limit personal information shared online

Be intentional about what you share on social platforms, websites, and online forms. Information like employment details, location, family relationships, and contact data is commonly pulled into data broker profiles and marketing databases and used to fuel social engineering, impersonation, fraud, and physical targeting.

Phone numbers deserve special care. Many enter data broker and marketing pipelines through routine interactions such as loyalty programs, real estate portals, car dealerships, warranty registrations, contests, donations, and travel bookings. Avoid sharing your number unless it’s truly necessary.

4. Use an alternate or masked phone number

When a phone number is required but not essential, use an alternate or masked number (such as Google Voice, Hushed, or similar services). This keeps your primary number out of marketing databases and data broker ecosystems that fuel spam and scams.

5. Maximize your privacy settings

Regularly review privacy and security settings across social networks, email accounts, and online services to limit visibility into your profile, activity, and relationships. A great resource for managing your privacy settings across a range of sites, apps, and services can be found here: Manage Your Privacy Settings – National Cybersecurity Alliance (staysafeonline.org).

6. Use privacy-focused browsers and search engines

Browsers such as Brave and Mozilla Firefox, along with privacy-focused search engines like DuckDuckGo, reduce tracking and limit the collection of behavioral data compared to default alternatives. For more info, see our complete guide on Web Browsing Privacy.

7. Use a Global Privacy Control (GPC) extension

Global Privacy Control is a browser signal that communicates your preference to opt out of the sale or sharing of personal data where legally recognized. Using a GPC extension like Optery’s Global Privacy Control (GPC) browser extension automates this signal across supported websites without requiring manual opt-outs.

8. Install reputable ad blockers

Online advertising systems are a common delivery mechanism for scams, fake support pages, credential-harvesting sites, and malware through a practice known as malvertising. Ad blockers reduce exposure to malicious ads and limit third-party tracking that attackers exploit to increase the reach and effectiveness of these campaigns.

9. Disable personalized ads on major platforms

Platforms like Google and Facebook allow users to disable or limit ad personalization. Turning these features off reduces how activity and inferred interests are used and shared across advertising ecosystems. Personalized advertising systems have repeatedly been abused to deliver scam and impersonation ads at scale by matching malicious content to inferred interests and activity. Turning off ad personalization reduces how often these malicious ads are delivered by limiting the targeting and optimization mechanisms scammers rely on.

10. Review and revoke app permissions

Privacy settings control what platforms share, but app permissions control what data apps can collect directly from your device. Many apps request access to contacts, location, microphones, cameras, and device identifiers that are unnecessary for core functionality. Regularly reviewing and revoking these permissions reduces silent data collection at the source.

Account & Access Security

Protect accounts even when data is exposed

11. Enable multi-factor authentication (MFA)

Use MFA on all accounts wherever available. MFA significantly reduces the risk of account takeover, even if passwords are compromised. For those at elevated risk, hardware-based MFA tokens such as FIDO or YubiKeys provide stronger protection than app-based codes.

12. Change passwords and avoid reuse

Since everyone has been involved in a data breach at some point, reusing passwords across different accounts, like bank logins, work systems, and personal email, creates unnecessary risk. You can check for emails and passwords that have been involved in data breaches via haveIbeenpwned.com and rotate credentials accordingly. Avoid using variations on the same password as these can be easily cracked.

13. Use a password manager

Use a password manager to generate and securely store complex, unique passwords for each account. Password managers also provide protection against credential harvesting by recognizing legitimate websites and preventing users from entering credentials on fraudulent or spoofed sites designed to steal login information.

Organizations should use password managers that employ AES-256 encryption. They should be tied to email addresses rather than phone numbers, and secured with long, unique passwords and protected by multi-factor authentication (MFA).

Spread the Word

Extend protection to others

14. Educate and raise awareness

Share knowledge about online safety with less tech-savvy individuals to protect them from digital threats and scams. Discuss with your family the importance of privacy settings and cautious data sharing. It is especially important to educate adolescents and older adults who may need help staying safe online.

As we reflect on the importance of data privacy, let’s also act to take control of our personal data and prevent its exploitation. Whether it’s removing our information from data broker lists, freezing our credit, tightening our privacy settings, or taking other precautions, layered, consistent actions make a measurable difference over time. Let’s use this week as a starting point for a safer and more secure future.

Data Privacy Week 2026: Reducing Personal Data Exposure and Preventing Exploitation

Exposure Minimization