Most companies still picture the same villain when they think about a breach, usually some hooded figure brute-forcing a firewall at 3 a.m. Honestly, that picture is pretty outdated now. The easier route these days runs straight through people, and the raw material for those attacks is just sitting out in the open on data broker sites. So it makes sense that the judges recognized Optery with a 2026 Fortress Cybersecurity Award in the Privacy Enhancing Technologies category for its work on this exact problem.
Paul Mander, the chief commercial officer for Optery for Business, sums up the company pretty plainly. It is basically a personal data removal tool that goes after data brokers, the companies that quietly sell your name, address, phone number, and even your family tree. Optery constantly scans those broker sites and then files opt-out and deletion requests at scale, so your details stop showing up where strangers can buy them.
The Survey Finding That Surprises Security Teams
Here is the part that tends to stop executives mid-sentence. Most security programs spend their energy protecting the C-suite, yet Optery's own research tells a different story. Mander actually explained that executives are only the fourth most targeted group inside a company. The most targeted people are actually those in IT or with administrative privileges, since their credentials unlock so much more of the building.
Finance lands second, for a pretty obvious reason. "Finance can move money," Mander said, so a convincing fake invoice can turn into a wire transfer before anyone blinks. HR sits third, and finally the executives show up. Threat actors, it turns out, just want the shortest line to whatever they are chasing.
This reframing really matters for budgets. Each exposed employee phone number or email address is really a vector, a small door that social engineering can walk through. Treat that exposure like any other vulnerability, Mander suggests, and the fix becomes pretty obvious: shrink the attack surface by removing the source data.
Why AI Turned a Slow Problem Into an Urgent One
So why did this stay overlooked for so long? Mander basically points to two things. Cybersecurity grew up as a technical discipline, so the first instinct was always to harden infrastructure and watch the API endpoints. That work still matters, of course, yet it leaves the human layer wide open.
Then AI showed up and pretty much tipped the scales. A few years ago a social engineering campaign honestly took real skill to pull off. Now, with agentic AI, someone far less sophisticated can launch attacks faster, at larger scale, and with eerily convincing messaging. "They'll see how I talk, they'll see how you speak, and they'll incorporate that into their attack," Mander noted, describing how easily public traces get weaponized.
The economics, frankly, back him up. The latest Verizon Data Breach Investigations Report found the human element shows up in roughly 60% of breaches, which is a number that has barely budged year over year. Meanwhile the FBI logged about 2.77 billion dollars in business email compromise losses in a single year. Reactive training alone, frankly, can't keep up with that pace.
Proof Over Promises, and a Human in the Loop
A lot of vendors just say "trust us, we removed your data from a thousand sites." Optery takes a pretty different route. The platform works a bit like a specialized search engine that finds your broker profiles, captures a screenshot of each exposure, and links to it. After the opt-out processes, that same link goes dead, so you can literally see what was removed.
"We don't just say trust us, we're doing our job. We'll prove it to you every time," Mander said. Customers, in other words, get to grade Optery instead of the other way around.
The removal itself basically blends machines and people. Automation handles most of the volume, since it is faster and cheaper, yet a team of privacy agents still backs up the AI and escalates tricky cases with stubborn brokers. It is a constant game of whack-a-mole, too, since brokers rebuild profiles on day 366, spin up shell companies, and don't much care whether you are listed as John or Jonathan.
Privacy as a Right, Not Just a Product
Optery went a bit further and open-sourced what it calls the largest data broker directory of its kind. The idea is pretty simple: not everyone can pay for removal, yet everyone still deserves a shot at privacy. The directory basically lists brokers, describes what data they handle, and shows people how to opt out on their own.
That stance honestly lands at a moment when trust is thin. Pew Research found that about 73% of Americans feel they have very little or no control over the data companies collect about them. Independent testing backs the approach, too. A Consumer Reports study of personal data removal services actually ranked Optery among the top performers in the category.
Mander basically treats the whole thing like insurance, not a one-time chore. "You don't uninstall your antivirus when you get a clean scan," he said, and your exposed data deserves that same steady attention. Looking ahead, he expects data removal to become a standard layer in the cybersecurity stack, sitting right next to EDR, of course, as consumers slowly gain more say over where their data travels.
The takeaway for any security leader is pretty concrete. Run a quick search on yourself, then run an AI search too, and see what strangers can already find. If your people's personal details are out there, you are basically leaving a door unlocked, and somebody with an AI agent is very happy to try the handle.
Enjoying insights from industry leaders? Subscribe to The Winners' Circle podcast on your favorite podcast player and never miss an episode. Listen and subscribe at bintelligence.com/podcast.