Private People Exposure Audit

Find exposed staff data before it becomes payment fraud, impersonation or a safety risk.

What creates the risk

Staff emails, director profiles, old addresses, phone numbers, supplier links and breached accounts can make the wrong request feel real.

What Hushfolk shows

Who is exposed, what attackers could use, and what to remove, separate or monitor first.

  • Payment Fraud
  • Founder Impersonation
  • Staff Safety
  • Post-Breach Reuse
  • Client Trust

  • 15-minute private fit check
  • No staff data needed on the first call
  • Fixed audit scope before payment

Confidential

Hushfolk

People Exposure Report

Private business briefing

Preview risk path

Priority Finding

Finding: Finance lead personal email and phone number are exposed and linked to company role.
Business impact: Useful for fake supplier-change requests, urgent payment pressure or invoice fraud.
Recommended action: Separate contact route, tighten supplier-change verification, queue broker removals.
High priority | Human-reviewed | Action required

People Exposure Score: 72/100
High-risk roles: 4
Exposed signal types: 8
Broker records queued: 11
Lookalike domains flagged: 3
DMARC policy: Weak

Evidence labels

Confirmed | Derived | Inferred | Human-reviewed | Redacted by default

  • Human-reviewed findings
  • Redacted employer reports
  • UK and Europe focused
  • Reduction plan included
  • Consent-led scope
  • No staff data on first call

Built for businesses where exposed people-data can become fraud, impersonation, staff safety or post-incident risk.

The audit is the diagnosis. The reduction plan is the product.

Why this matters

Exposed data becomes dangerous when it connects to a role, a payment or a person.

The risk

A leaked email is rarely the whole problem. The risk comes from what it connects to.

How small details become business risk

1

Exposed detail

Email, phone, address, breach record or public profile.

2

Business context

Finance role, supplier relationship, director profile or public-facing staff member.

3

Believable request

Fake payment request, founder message, phishing email or pressure tactic.

4

Real-world impact

Money moved, staff targeted, client trust damaged or breach risk extended.


Money sent to the wrong place

Exposed finance, supplier and executive context can help fake payment requests feel normal.

Someone pretending to be leadership

A public founder profile, phone number, personal email or company role can make impersonation easier.

Staff being found or pressured

Public-facing employees, directors, legal teams and property staff can carry personal risk when addresses or contact routes are exposed.

A breach causing more damage later

After an incident, exposed staff and executive data can still be reused for follow-on phishing, fraud or harassment.

Clients losing confidence

When something happens, clients and staff judge whether the business looked prepared or exposed.

No clear plan after discovery

Most tools show alerts. Hushfolk gives you a prioritised plan: remove, separate, harden, monitor and brief the right people.


The audit is built to answer one question: what could someone use against the business, and what should we reduce first?

Request a Private Audit Call

UK risk context

The damage rarely starts with “a hack”. It starts with trust.

The pattern

Attackers do not need perfect information. They need enough context to be believed.

Phishing

38%

UK businesses that experienced phishing attacks.

UK Cyber Security Breaches Survey 2025/2026

Disruption

69%

Affected businesses and charities that said phishing was their most disruptive breach or attack type.

UK Cyber Security Breaches Survey 2025/2026

Regulatory cost

£14m

ICO fine issued to Capita after a breach affecting data relating to 6.6m people.

Information Commissioner's Office

People affected

6.6m

People whose personal information was stolen in the Capita breach.

Information Commissioner's Office

The question is not whether attackers use personal data. The question is whether your people are giving them enough to work with.

What can happen

Cyber incidents become business problems fast.

Why we show this

These examples are not here to scare people. They show how fast cyber incidents become financial, operational and reputational problems.

M&S, UK

£300m expected operating profit impact

M&S said its cyberattack was expected to cost about £300m in lost operating profit. Later reporting showed cyber-hack-related costs of £131.3m for 2025/26.

Business impact

Why it matters: One incident can move from systems to sales, logistics, customer trust and leadership time.

British Library, UK

£6m to £7m recovery estimate

The British Library ransomware recovery was reported to cost £6m to £7m, far above the ransom demand.

Business impact

Why it matters: Recovery can cost more than the first demand. Some damage lasts long after systems come back.

Capita, UK

6.6m people affected

The ICO fined Capita £14m after personal information relating to 6.6m people was stolen, including pension records, staff records and customer records.

Business impact

Why it matters: When personal data is exposed at scale, the problem can become legal, regulatory, operational and reputational.

Norsk Hydro, Norway

Impact approached $71m

Norsk Hydro's ransomware incident affected employees across 40 countries. The chain began when an employee opened an infected email from a trusted customer.

Business impact

Why it matters: A believable message can start a chain that becomes operational and financial damage.

Hushfolk does not claim it could have prevented these incidents. These examples show why exposed data, trust and internal context can matter far beyond inbox spam.

What you get

A clear answer to what is exposed, who it affects, and what to do next.

The audit gives leadership a practical view of people-data risk without exposing unnecessary personal detail.

Key takeaway

The audit should leave leadership with fewer questions, not more alerts.

Who creates the most risk

A role-based view of founders, directors, finance, HR, public-facing staff and other approved people in scope.

What could be used

The exposed emails, phone numbers, addresses, broker records, breach signals, profiles and business links that matter.

What could happen

The realistic routes into invoice fraud, executive impersonation, staff targeting, phishing or post-breach reuse.

What to reduce first

A prioritised plan for removal, separation, hardening, monitoring and internal process changes.

What to tell the team

Plain-English actions for leadership, finance, HR, legal and operations.

Whether monthly defence is needed

If the findings justify it, Hushfolk turns the plan into ongoing reduction, monitoring and reporting.


Most companies do not need more alerts. They need to know what to reduce first.

What we check

We look for the people-data attackers use to make the wrong request feel believable.

The audit reviews approved people, roles and company context.

Higher audit tiers add deeper checks, more evidence review and stronger remediation planning.

Business outcome

Every check is tied to a business outcome: fraud, impersonation, staff safety, post-breach reuse or client trust.

01

Breach exposure

Work emails, personal emails and known breach signals linked to approved people or roles.

02

Broker and public-record exposure

Records that may reveal addresses, phone numbers, relatives, aliases, location history or profile links.

03

Executive exposure

Founder, director, partner and board-level exposure that could create fraud, reputational or safety risk.

04

Finance and supplier risk

Signals that could make payment requests, supplier changes or executive instructions easier to fake.

05

Impersonation surface

Public profiles, role signals, lookalike domains, weak email authentication and exposed contact routes.

06

Dark-web and credential indicators

Where the audit scope supports it, we review breach and dark-web-adjacent indicators that may increase follow-on risk.

07

Staff safety exposure

Address, phone, relative, location and public-facing role signals that could create harassment, doxxing or unwanted contact risk.

08

Post-incident reuse

What exposed data could still be used after a breach, phishing attempt or fraud incident.

Data sources and checks vary by audit scope.

We confirm the scope before payment.

The solution

The audit is not the end product.
The reduction plan is.

Hushfolk shows what to remove, what to separate, what to harden, what to monitor and what to brief internally.

01

Remove

Broker records, profile pages and public-data entries where removal is supported.

02

Separate

Personal emails, phone numbers, addresses and aliases that should not connect easily to business authority.

03

Harden

Executives, finance leads, HR staff and public-facing people who create outsized risk.

04

Control

Supplier changes, payment approvals, executive instructions and staff escalation routes.

05

Monitor

New breach signals, re-listings, lookalike domains and returning exposure.

06

Brief

Plain-English actions for leadership, finance, HR, legal and operations.

The goal is not to remove every possible trace from the internet.

The goal is to reduce what attackers can see, connect and reuse.

How the audit is powered

This is not a manual spreadsheet exercise.

Each approved person or role moves through Hushfolk’s exposure workflow: intake, consent, source checks, scoring, evidence review, reduction planning and reporting.

1

People Exposure Score

Ranks exposure by business risk, not by raw finding count.

2

High-Risk Team Map

Shows which roles carry more risk, including executives, finance, HR, legal, operations and public-facing staff.

3

Evidence Trail

Gives leadership a record of what was found, what was reviewed and what needs action.

4

Broker Queue

Turns confirmed broker or profile exposure into removal routes, follow-ups, refusals and re-listing checks.

5

Impersonation Review

Checks the signals that make fake messages easier to believe: role, contact routes, public profiles, weak email authentication and lookalike domains.

6

Report Engine

Produces a private briefing with risk paths, evidence labels and 7-day, 30-day and 90-day actions.

7

Deeper Checks

Higher audit tiers can use specialist sources for breach exposure, domain risk, phishing indicators and public-profile exposure when the scope requires it.

8

Analyst Review

High-risk findings are checked before they become recommendations.

Who should book

Book this audit if one exposed person could create a serious problem.

People are often the easiest route into a business. The right audit shows where that risk sits.

Best fit

Recently breached or targeted companies

When leadership needs to know what attackers could reuse next.

Highest risk signal

Finance teams

When fake supplier changes, payment requests or urgent executive messages could cost money.

Financial impact

Founders and directors

When leadership is visible, reachable and easy to impersonate.

Leadership exposure

Also relevant for

HR and people teams

When exposed staff data can be used to pressure, trick or impersonate internal teams.

Internal risk

Legal, property and advisory firms

When client disputes, transactions and public records raise personal-risk exposure.

Reputation at stake

Public-facing staff

When names, addresses or contact routes could create harassment, doxxing or safety concerns.

Safety exposure

Regulated or trust-led businesses

When reputation, client confidence and duty of care matter as much as technical controls.

Trust and compliance

Private. Discreet. Focused on people risk that matters.

No noise. No generic dashboard. Just clarity on your human attack surface.

Realistic attack paths

The audit is built around incidents that cost companies money, time and trust.

We do not just list exposed data. We connect it to the business process an attacker could target.

1

A personal signal is exposed

Email, phone, address, alias, broker record or breach signal.

2

The role is connected

Finance, founder, HR, supplier, legal or public-facing role.

3

The message feels believable

Phishing, impersonation, payment redirect, harassment or pressure.

4

A real process is targeted

Finance approval, supplier change, executive instruction, staff safety or post-breach follow-up.

Invoice fraud

The payment request that looks normal

A finance lead has a public role, a leaked email, an exposed phone number and visible supplier context. The attacker does not need to break into the finance system first. They need a message that feels believable enough to move the process forward.

What can happen: Payment redirection, urgent approval pressure, supplier-change fraud, internal confusion.

What Hushfolk checks: Role signals, contact routes, domain spoofing, supplier-process risk, broker data, public records and hardening steps.

Executive impersonation

The message that sounds like the founder

A founder's personal email, phone number, public profile, family context and company authority can be stitched together into a believable instruction.

What can happen: Fake WhatsApp requests, supplier pressure, staff manipulation, reputational damage, customer confusion.

What Hushfolk checks: Executive exposure, public profiles, lookalike domains, weak contact separation, broker records and impersonation surface.

Staff safety

The address that should not be easy to find

For public-facing staff, directors, clinic teams, legal teams, property staff or people involved in disputes, exposed address and family context can move the risk offline.

What can happen: Harassment, doxxing, unwanted contact, staff anxiety, employer duty-of-care questions.

What Hushfolk checks: Address-linked exposure, broker records, role visibility, public profile links, removal routes and redacted reporting.


Every finding is tied to practical business risk. No generic scare scores.

View sample report

Report example

A leadership briefing, not a spreadsheet.

The People Exposure Report shows what was found, why it matters, how it could be used and what should happen next.

Employer copies are redacted by default, so the business gets the risk picture without exposing unnecessary personal detail.

Report includes:

Approved staff and executive scope
People Exposure Score
High-Risk Team Map
Breach, broker and public-source findings
Impersonation surface
Domain spoofing review
Attack path analysis
Priority takedown queue
Identity hardening plan
7-day, 30-day and 90-day actions
Redacted evidence appendix
Workforce Exposure Defence recommendation

Built so leadership knows what to reduce first.

People Exposure Report

Private Leadership Briefing

Prepared for [Company] — Confidential

1. Executive summary
2. People Exposure Score
3. High-Risk Team Map
4. Breach and broker findings
5. Impersonation surface
6. Domain spoofing review
7. Attack paths
8. Takedown queue
9. Identity hardening plan
10. 7/30/90-day actions
11. Evidence appendix

Priority finding (example)

Finding: CFO personal mobile and home address exposed across 3 data broker sites
Business impact: Enables targeted vishing, SIM-swap or physical approach
Recommended action: Submit opt-out requests, harden mobile account, brief individual
Owner: IT Security / People Ops
Status: Pending removal

Redacted by default. Built for action.

Human-reviewed

Private fit check

The first call is not the audit. It is a private fit check.

What to expect

In 15 minutes, we confirm the risk concern, the people or roles in scope, and whether there is a serious reason to proceed. No staff list is needed on the first call.

1

What are you worried about?

Invoice fraud, executive impersonation, public staff exposure, post-incident reuse, staff safety, breach signals or something else.

2

Who could create the most risk?

Founders, directors, finance, HR, legal, operations, public-facing staff or a wider team.

3

Which audit depth fits?

We recommend the right audit level before any paid work begins.

4

What happens next?

If there is a fit, we send the fixed audit scope and payment link.

Audit packages

Choose how deep we look.

Most companies do not need more awareness. They need to know which people create the most risk, what can be removed, and what needs changing before the next incident.

Three audits. One objective: reduce risk that matters.

Best first step

Workforce Exposure Audit

From £1,750

Best for: Founder-led companies, agencies, consultants, property firms, legal practices and public-facing organisations.

For companies that want to know whether staff or leadership exposure is creating a real route for fraud, impersonation or follow-on targeting.

  • Private fit check
  • Up to 10 approved people or roles
  • Company domain review
  • Breach and exposure review
  • Broker and public-record checks where relevant
  • Dark-web indicator review where in scope
  • Email spoofing review (basic)
  • Lookalike domain review (basic)

Recommended for serious risk

Executive Exposure Audit

From £3,500

Best for: Founders, directors, finance, HR, legal, operations, executive assistants and public-facing teams.

For businesses where one exposed founder, finance lead, HR contact or public-facing person could create serious damage.

  • Everything in Workforce Exposure Audit
  • Up to 25 approved people or roles
  • Up to 3 executive profiles
  • Finance and supplier fraud exposure review
  • Executive impersonation review
  • HR and internal-process exposure review
  • Address and household-context review where consented
  • Dark-web and breach signal review where in scope

Full review

People Exposure Intelligence Audit

From £5,000

Best for: Post-incident reviews, larger teams, leadership groups, regulated firms, public-facing companies and businesses where people exposure could create financial, legal, reputational or safety risk.

For companies that want the full picture across leadership, finance, HR, operations, public-facing staff and post-incident risk.

  • Everything in Executive Exposure Audit
  • Up to 50 approved people or roles
  • Up to 5 executive profiles
  • Department-level exposure map
  • Breach, broker, public-source and role-context review
  • Dark-web and credential exposure review where in scope
  • Lookalike domain and impersonation surface review
  • Email spoofing and supplier fraud control review (full)

Compare audit depth

See what's included at each level

Feature | Workforce (From £1,750) | Executive (From £3,500, Recommended) | Intelligence (From £5,000)
Approved people or roles | Up to 10 | Up to 25 | Up to 50
Executive profiles | 1 | Up to 3 | Up to 5
Breach exposure review | Yes | Yes | Deeper
Broker / public-record review | Basic | Priority | Full priority review
Role-based heatmap | Yes | Yes | Department-level
Email spoofing review | Basic | Full | Full
Lookalike domain review | Basic | Full | Full
Dark-web indicators | Where in scope | Where in scope | Deeper where in scope
Executive household context | No | Where consented | Where consented
Finance / supplier fraud review | Basic | Yes | Full
Takedown queue | Recommendation | Priority queue | Full remediation plan
Evidence trail | Redacted summary | Redacted appendix | Board-ready appendix
Action plan | 30 days | 30 and 60 days | 7, 30 and 90 days
Defence roadmap | Light | Yes | Full

Monthly Workforce Exposure Defence is scoped after the audit.

We do not price it blindly because the right plan depends on what is exposed, who is affected and how much reduction work is needed.

Data sources and checks vary by audit scope.

We confirm the scope before payment.

Audit credit: If you move into Workforce Exposure Defence within 7 days of audit completion, your audit fee can be credited against your first defence plan.

How it works

Controlled scope. Human review. Clear reduction plan.

1

Book the private fit check

We confirm your business type, main risk concern, roles to include and whether the Workforce, Executive or People Exposure Intelligence audit is the right fit.

15 minutes

2

Approve the audit scope

You approve the staff, executives, departments or high-risk roles to include. The audit is consent-led and designed to avoid unnecessary employee-level exposure.

Before payment

3

Run the exposure review

We review breach signals, broker records, public sources, role context, email and domain risks, impersonation paths and attack-useful data points. Deeper checks depend on the audit scope.

2 to 5 working days

4

Receive the private briefing

You receive a clear report showing exposure, business risk, attack paths, evidence labels, reduction priorities and next actions.

Usually within one week after scope approval

The audit is built for decisions: what should be removed, what should be hardened, what should be monitored and whether monthly defence is justified.

Post-incident review

Already had an incident? Reduce what attackers can reuse next.

Not incident response

Hushfolk is not an incident-response, forensics, legal or IT recovery provider.

Used after containment

Once the immediate incident is contained, we review what exposed staff and executive data could still be used for phishing, impersonation, invoice fraud, harassment or follow-on targeting.

Outcome

The goal is not to relitigate the breach. The goal is to reduce what attackers can reuse next.

1

Incident contained

IR, legal and IT teams close the immediate incident

2

People-data review

Hushfolk audits exposed staff and executive signals

3

Attack paths mapped

Follow-on impersonation, fraud and targeting routes identified

4

Role hardening

Finance, executives, HR and public-facing staff prioritised

5

Monitor and report

Re-listings checked, breach signals monitored, leadership updated

Review exposed staff and executive data

We identify exposed staff, executive and role-based signals that could support follow-on phishing, impersonation or pressure tactics.

Map follow-on attack paths

We show how breached context, public profiles, personal emails, phone numbers, addresses, aliases or role data could be connected into believable future attacks.

Harden high-risk roles

We prioritise finance, executives, HR, operations, public-facing staff and anyone whose exposure could create business or safety risk.

Reduce and monitor

We support removal workflows where available, reduce linkability where removal is refused, monitor re-listings and new breach signals, and help leadership track what remains exposed.

Book post-incident audit call

For active incidents, keep using your incident-response, legal, insurance and IT teams. Hushfolk supports the post-incident exposure and human-risk layer.

Workforce Exposure Defence

Turn the audit findings into ongoing exposure reduction.

Some companies only need the audit and a short action plan. Others need ongoing help removing, reducing and monitoring the exposure attackers can keep using.

Available after audit

If the audit shows meaningful exposure, Hushfolk can continue the work: removals, re-checks, identity hardening, domain monitoring, process controls and leadership reporting.

Recommended when exposure is found across executives, finance roles, public-facing staff or sensitive employee groups.

  • Human-reviewed removals
  • Broker re-checks
  • Linkability reduction
  • Contact separation
  • Identity hardening
  • Email and domain checks
  • Supplier fraud controls
  • Staff briefings
  • Monthly reports
  • Re-listing checks
  • Evidence trail

Ask about Workforce Exposure Defence

Business Exposure Dashboard

Private access

Approved people monitored: 12
Exposed records reviewed: 38
Removal workflows active: 14
Re-listings detected: 3
Executive risks escalated: 2

Monthly report ready

Evidence trail | Breach monitoring | Removal status | Executive summary | Finance controls | Staff briefings | Domain risk | Re-listings

Remove

Human-reviewed removal workflows for broker, profile and public-data sources where supported.

Reduce

When removal fails, reduce linkability between personal records and business authority.

Harden

Help exposed people clean up recovery channels, personal contact routes, social profiles and weak verification habits.

Control

Add rules for supplier changes, payment approvals, executive instructions and staff escalation.

Monitor

Check re-listings, new breach signals, new domain risks and returning exposure.

Report

Monthly leadership reports showing what changed, what remains exposed and what needs action.

Scope and data handling

We only ask for what the audit needs.

We collect the minimum information required to understand context and assess risk. Nothing more.

What we need

Information to scope and deliver the audit

  • Approved names or roles in scope
  • Company domain and role context
  • Main risk concern
  • Consent-led approval
  • Contact for audit delivery
  • Any specific incident or concern you want reviewed

What we do not need

What we never ask for upfront

  • Staff passwords
  • Private inbox access
  • Bank details
  • Internal systems access
  • Employee documents
  • Unapproved personal data
  • Personal devices
  • Live account access

Redacted by default

Employer reports are redacted by default.

Handled with care

Sensitive employee-level detail is handled only where necessary, approved and appropriate.

Trust and controls

Serious findings need careful handling.

Our approach — Hushfolk handles sensitive findings with redaction, consent-led scope and human-reviewed reporting. Every audit follows the same careful controls.

Consent-led scope

Only approved staff, executives, departments or high-risk roles are included in the audit. Nothing is reviewed without scope approval.

Redacted employer reporting

Business reports focus on risk, actions and evidence categories without exposing unnecessary personal detail.

Evidence labels

Findings are marked as confirmed, derived, inferred or human-reviewed, so you know the strength of each signal.

Human-reviewed findings

High-risk paths are checked before recommendations are made. No automated scare scores without review.

Removal status tracking

Supported removals, refusals, pending responses and re-listings are tracked over time.

No false guarantees

We do not claim guaranteed deletion or guaranteed prevention. We show what can be reduced, monitored or escalated.

UK and Europe focus

The audit is built around UK and European business risk, privacy expectations and operational handling.

Controlled handling

Findings are reviewed carefully, reported responsibly and separated between business-level risk and unnecessary personal detail.

Questions before booking

What businesses usually ask before the first call.

No. The first call is only used to confirm fit, risk concern and audit scope. Staff-level details are only discussed after scope approval.

No. Some sources support removal, some resist and some require specific verification routes. Hushfolk supports removal workflows where available, tracks responses, records refusals and monitors for re-listings.

No service can guarantee that. Hushfolk is designed to reduce exposed people-data, weak links and reusable context that can make fraud, impersonation and follow-on targeting easier to carry out.

Recent exposure context

The same patterns keep showing up in real incidents.

Breached employee records, exposed executive profiles, public phone numbers, credentials and personal context keep making attacks easier to personalise.

context | The Register

All the passwords were stored in Active Directory description fields

It was far too easy for a hacker to get the information

Affected: Public incident report

public incident report | credentials

context | BleepingComputer

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [...]

Affected: Public incident report

public incident report | credentials

elevated | The Hacker News

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking…

Affected: Public incident report

public incident report | account records | fraud context

The point is not breach headlines. The point is the pattern: exposed data becomes more dangerous when it connects to people, roles and trust.

Private audit request

Find the exposure before it becomes the incident.

Book a private 15-minute call. We will confirm the risk concern, the people or roles to include, and the right audit scope.

If there is a fit, the audit gives you a clear plan to reduce what attackers could use against your business.

  • 15 minutes
  • No staff data on first call
  • Fixed audit scope
  • Redacted employer reporting
  • Reduction plan included