Recent Breaches
Breaches
2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen
View All →
Breaking NewsUpdated as information becomes available
Back to Knowledge Vault
GuidesBreaking14 July 202622 min read

Urgent Briefing and Advice: Protecting Personal Data for High-Profile Figures in the Public Eye

Practical steps for serving and former politicians, councillors, campaigners, journalists, executives, broadcasters and anyone in the public eye, covering email security, device hygiene, threat handling and offline secure storage.

Mark Fermor

Mark Fermor

Director & Co-Founder, Firevault

Share
Warning triangle symbol representing the urgent briefing and advice for public figures

Practical steps for serving and former politicians, councillors, campaigners, journalists, executives, broadcasters and anyone in the public eye, covering email security, device hygiene, threat handling and offline secure storage.

Mark Fermor · Director & Co-Founder, Firevault · July 2026

Recent events have reminded us that high-profile individuals can attract threats that reach beyond their public roles and into their private lives, their devices and their most personal data. The widely reported death of a former parliamentarian has prompted important conversations about online hostility, data exposure and the practical protection available to anyone in the public eye.

With growing concern that personal addresses have been accessed, we are calling on all senior figures, current and former politicians, councillors, campaigners, journalists, executives, broadcasters and commentators, to take immediate steps to protect themselves and their families. This briefing and advice is not speculation about any single case. It is a straightforward, security-focused checklist for reducing the chance that personal information becomes a weapon.

Priority actions: if you do nothing else this week

  1. Put phishing-resistant multi-factor authentication on your email. A hardware security key or authenticator app on the mailbox that can reset everything else. SMS codes are the weakest option.
  2. Check your mailbox for forwarding rules and third-party app access. Silent forwarding rules are how attackers keep reading your email after you change your password.
  3. Opt out of the open electoral register, and audit where your home address lives. Ballot papers, registers of interests, Companies House filings, deliveries, event registrations, close each one down (see the address section below).
  4. Identify your crown jewels and take them offline. The documents, digital assets and sensitive data whose exposure would hurt most should not sit in an always-connected account. Move them to an offline vault.
  5. Update every device, and retire the ones that cannot be updated. Most real-world compromises exploit a fix the victim had not installed.
  6. Get your named police contact. MPs and candidates through Operation Bridger; councillors, mayors and PCCs through Operation Ford. Record the details somewhere your family can find them.
  7. Agree a household protocol. Who you call, what you preserve, and what nobody posts, before an incident, not during one.

Why public figures are at higher risk

Being visible carries a data footprint. Constituents, journalists, critics, activists and hostile actors can piece together your location, routines, contacts, finances and relationships from what you post, what you sign up to, what leaks, and what is freely sold online. The threat is not always technical. It can be a single determined individual using information that is already public.

What changes is the scale of the audience. A member of the public may receive an unpleasant email. A high-profile figure may receive thousands. Some of those messages are criminal. The volume makes it easier for a genuine threat to be missed among the noise.

The official evidence is stark. The Speaker's Conference on the security of MPs, candidates and elections, established after the 2024 general election, found that 96 per cent of the MPs who responded to its survey had experienced at least one form of abuse, intimidation or harassment, and that one in five had hesitated or refrained from debating or voting on an issue because of the abuse they expected to receive. The Electoral Commission's research after the May 2025 elections found that 61 per cent of candidates experienced harassment or security threats during the campaign, in some cases including physical attacks and being followed.

Local government is no safer. The Local Government Association's Debate Not Hate surveys have consistently found around seven in ten councillors experiencing abuse or intimidation in the previous year; roughly one in five have received a threat of violence, and at the 2023 peak more than eight in ten said they felt at risk while fulfilling their role. The Jo Cox Civility Commission, whose recommendations have been publicly backed by four former Prime Ministers, describes abuse and intimidation of elected representatives as one of the biggest threats to democracy in the UK. Notably, both the Speaker's Conference and the LGA have pressed for the same practical change this briefing argues for below: home addresses of candidates and councillors should not be published.

This is not a theoretical concern, and it is not confined to celebrities. The National Cyber Security Centre (NCSC), part of GCHQ, considers you a high-risk individual if your work or public status gives you access to, or influence over, sensitive information that could interest nation states, and it explicitly names people in political life, journalism, academia, activism and the legal sector. The official record shows why. The UK and its allies have attributed a long-running spear-phishing campaign against parliamentarians from multiple political parties, active since at least 2015, to Star Blizzard, a group assessed as almost certainly operating under Centre 18 of Russia's FSB. The NCSC has also assessed that China state-affiliated actors carried out reconnaissance against the email accounts of UK parliamentarians in 2021, and has reported targeting of officials' accounts by actors working for Iran's Islamic Revolutionary Guard Corps.

One point from the NCSC's guidance deserves emphasis: attackers frequently go after personal accounts and devices precisely because they expect them to be less protected than corporately managed systems. Your private life is the soft target. Everything below follows from that.

Retirement does not reset the clock. The data footprint built over a career in public life, press archives, register entries, old campaign material, data-broker records, remains searchable long after the role ends, and so does name recognition among the hostile as well as the friendly. Yet the institutional protections that come with office, from parliamentary security support to a named police contact, generally attach to the current role. The Speaker's Conference recognised a version of this problem when it asked police forces to plan for the higher risk profile some candidates carry over from their time as MPs. If you have left office, the disciplines in this briefing matter more, not less, because you will often be applying them without an organisation behind you.

Know your adversaries, and what they want

A useful briefing names the threat. Public figures face four broad adversary classes, and each is after something different:

  • Hostile states. They want your correspondence, contacts, movements and anything that gives leverage, the espionage campaigns attributed to Russian, Chinese and Iranian state-linked actors above are patient, personalised and aimed at personal accounts.
  • Fixated and grievance-driven individuals. They want your location, routines and home address. This is the threat class where a data footprint translates most directly into physical risk, and it applies to former members as much as serving ones.
  • Doxxers and ideological campaigners. They want anything that embarrasses, exposes or intimidates: addresses, family details, private photographs, out-of-context messages, published to invite a crowd to do the rest.
  • Criminals and extortionists. They want money. Ransomware that encrypts everything reachable, sextortion, invoice fraud against your office, or the quiet sale of your data onwards.

Different adversaries, same fuel: your data. It helps to sort that data into three exposures. What can be found, the public footprint of registers, filings, posts and broker records. What can be stolen, whatever your online accounts and devices can reach on the day one of them falls. And what can be destroyed or held to ransom, whatever exists only in connected locations. The rest of this briefing works through each in turn; the vault addresses the second and third directly.

Start with the accounts that matter most

Your email is the master key to most of your digital life. If someone can read it, they can reset passwords, impersonate you, discover your movements and harass your contacts. Start here.

  • Use a dedicated public-facing address. Separate correspondence from personal accounts, family accounts and financial accounts, and use a strong password for email that you use nowhere else.
  • Enable the strongest multi-factor authentication available. Prefer hardware security keys or authenticator apps over SMS, which can be intercepted or SIM-swapped. Phishing-resistant methods matter: attackers have used fake sign-in pages that capture session cookies and can defeat weaker forms of two-factor authentication.
  • Never approve an unexpected sign-in prompt. The NCSC advises that an authentication request you did not initiate likely means someone already has your password, deny it and change the password immediately, on every account where you reused it.
  • Review auto-forwarding rules and app permissions. Attackers have been observed setting hidden forwarding rules so they keep reading your email even after you change your credentials.
  • Keep sensitive material off messaging apps. In a 2026 alert on the targeting of high-risk individuals through messaging apps, the NCSC advised against sharing sensitive information over them and recommended corporately provided channels for work communications.
  • Train your staff. If assistants or researchers manage your inbox, they must follow the same rules and never share passwords.

It helps to understand how real attackers work. The joint advisory on Star Blizzard, issued by the NCSC together with CISA, the FBI, the NSA and agencies in Australia, Canada and New Zealand, describes patient, personalised operations: the attackers research a target's interests and real-world contacts, create accounts impersonating people the target knows, exchange harmless messages for weeks to build rapport, and only then send a link to a convincing fake sign-in page. Notably, the advisory records that these actors predominantly write to targets' personal email addresses, deliberately sidestepping the security controls on corporate networks. If a familiar name suddenly writes to you from a webmail address, or a "conference invitation" arrives with a document link, verify through another channel before you click.

Clean up your devices and your home network

Phones, tablets, laptops and smart home devices are all entry points. A vulnerable camera, printer or router can expose your location, your conversations and your visitors.

  • Keep software updated. Turn on automatic updates for operating systems, browsers and messaging apps, and install them promptly.
  • Replace unsupported devices. The NCSC's advice for high-risk individuals is blunt: old phones and laptops that no longer receive updates cannot be patched and are easier to attack.
  • Remove old apps and accounts. Unused applications can be reactivated or breached.
  • Segment your home network. Keep work devices on a separate network from smart TVs, cameras, speakers and guest devices.
  • Disable location sharing by default. Check that photos, posts, fitness apps and family sharing are not broadcasting your whereabouts.
  • Extend the basics to your household. Attackers and doxxers route through the least protected member of a family. Your partner's tagged photo, a child's gaming account or a shared tablet can expose the address and routines you have carefully protected.

Be aware of the zero-click reality. Citizen Lab's forensic research on Pegasus mercenary spyware has documented compromises of journalists, activists and elected officials that required no mistake from the victim at all, including a former MEP whose phone was infected while he served on the European Parliament committee investigating spyware abuse. In the cases examined, the devices were running out-of-date operating system versions for which a fix already existed. The lessons are unglamorous but effective: patch quickly, retire what cannot be patched, and take vendor threat notifications (such as Apple's mercenary-spyware alerts) seriously rather than dismissing them. If your risk profile warrants it, enable Apple's Lockdown Mode: Citizen Lab has reported that, at the time of its writing, it had not seen a case of spyware like Pegasus successfully infecting a device with Lockdown Mode switched on.

Separate what must never be online

Security teams have a name for this category: your crown jewels, the small set of digital assets and sensitive data whose theft, exposure or destruction would do you the greatest harm. For a public figure that usually means wills, medical records, legal correspondence, financial records, sensitive family documents, drafts of memoirs and sensitive photographs. For a journalist it extends to source material and interview archives; for an executive, board papers, deal documents and unpublished results; for anyone, the recovery codes, private keys and credentials that unlock everything else. If an attacker gets into your cloud accounts, these are the first things they will look for.

The discipline is simple: identify your crown jewels, keep the list short, and treat those digital assets differently from everything else. Convenience copies scattered across inboxes, shared drives and old laptops are how sensitive data leaks.

The official guidance points the same way. The NCSC has seen incidents in which ransomware encrypted not only the data on victims' machines, but also the connected USB drives, network storage and cloud locations that held the backups, and its ransomware guidance stresses keeping a recent offline backup of your most important files, where "offline" means genuinely disconnected when not in use.

Now put the two earlier sections together and follow the logic to its end. Attackers backed by states have defeated some forms of two-factor authentication with session-cookie phishing kits. Zero-click spyware has compromised careful, well-advised people without a single mistake on their part. However good your hygiene, the honest planning assumption for anyone in public life is that one of your accounts or devices could fall on some future day. What you control is not whether that day comes, it is what the attacker finds when it does. Security teams call this the blast radius: at the moment of compromise, the intruder inherits everything that identity can reach. Twenty years of mailbox history. The synced photo library. The cloud drive. The connected backup. Every convenience copy you forgot existed.

The way to shrink the blast radius is to tier your data by consequence, and handle each tier differently:

  • Tier 1, crown jewels: vault them. Material whose exposure, loss or corruption would be a life-altering event. It should not exist in any always-connected location. It belongs in an offline vault, touched only through deliberate, authenticated sessions, and it is also your clean recovery copy if everything else is encrypted or destroyed.
  • Tier 2, sensitive working data: protect it. Live casework, drafts and correspondence you need day to day. Encrypted, behind phishing-resistant MFA, shared narrowly, and periodically swept, anything that has become historic moves down to the vault and out of reach.
  • Tier 3, routine and public material: manage it. Assume it will be read one day and write accordingly.

Offline secure storage is not about hiding from technology. It is about removing Tier 1 from the always-on networks that attackers can reach. A physical air gap removes the network path an intruder depends on: while the vault is disconnected, there is no online route through which the material can be read, altered, encrypted or deleted, even if every cloud account you own has been compromised. Just as importantly, a vault imposes discipline that folders never do. A vault session is a decision: you authenticate, connect for the minutes you need, and disconnect again. Nothing syncs silently in the background. Nothing is one reused password away from a stranger.

This is what Firevault has built: Offline Secure Storage (OSS), a physically air-gapped vault and digital safe deposit box designed to keep your most sensitive records offline and under your control, connecting only for the brief, authenticated sessions you choose. Whether it is a personal vault holding a family's most sensitive data or an OSS deployment protecting an organisation's crown jewels, the principle is the same. Disconnect to Protect®.

Put your crown jewels behind a Firevault OSS vault

Firevault Offline Secure Storage keeps wills, legal papers, sensitive family records, recovery codes and unpublished work physically air-gapped, connected only for the brief, authenticated sessions you choose. When an account or device falls, the material an adversary would most want to read, ransom or destroy is not there to reach.

Explore Offline Secure Storage

Handle threats and abuse with discipline

When threats arrive, the instinct is to delete them. Resist that instinct. Evidence matters.

  • Do not reply. Responding can escalate the situation.
  • Preserve the message. Screenshot the full message, including headers, sender address, date and time, and any attachments.
  • Report it to the police. Use the appropriate local or national reporting route, and keep a record of the reference number.
  • Inform your security team, party official or council monitoring officer. They need to see patterns that one message alone cannot reveal.
  • Ask your IT support to scan for related account breaches. A threatening email can coincide with a leaked password or a compromised account.

And if you have already clicked something, do not panic, and do not hide it. The NCSC's advice to high-risk individuals is to report the incident to your organisation's IT support even if it happened on a personal device, and to report suspicious messages even when you have not clicked anything. Security teams need early reports to protect you and to spot campaigns targeting your colleagues.

If an account is compromised, the first hour matters. From a clean device: change the password and revoke all active sessions; check and delete any forwarding rules, delegate access and connected apps; secure the recovery email and phone number; warn your contacts that messages from you may be hostile; and report it, to your IT support, your police contact and, for fraud, Action Fraud. Then restore what you need from your offline copy rather than trusting what the intruder may have touched. This is where the vault earns its keep: recovery is only fast and clean if an untouched copy of what matters exists somewhere the attacker could never reach.

Know the protective security that exists

Some public figures in the United Kingdom are supported by dedicated protective security arrangements rather than ordinary local policing. Within the Metropolitan Police's Specialist Operations directorate sits the Protection Command, which handles protective security through two branches: Royalty and Specialist Protection (RaSP), providing close protection for the royal family and for government figures who qualify for personal protection, and Parliamentary and Diplomatic Protection (PaDP), providing uniformed, and largely armed, security for the parliamentary estate, government buildings and diplomatic premises.

Elected representatives also have named policing routes. Since 2016, every MP has had a designated point of contact in their local police force under Operation Bridger, and this arrangement was built on around the 2024 general election so that candidates were also given a named contact. Operation Ford now provides equivalent support for other elected officials, including local councillors, mayors and police and crime commissioners, if you are a councillor, ask your monitoring officer or your force's election officer to connect you. At a national level, the National Police Chiefs' Council is establishing a chief-officer-led Democracy Protection Portfolio to coordinate intelligence, investigations and standards on anti-democratic crime.

If you are entitled to protective security, or if you are unsure whether you are, your parliamentary, party or employer security liaison is usually the first point of contact. They can explain what is available, how threat assessments are escalated, and how personal protective arrangements fit alongside your own digital hygiene. Do not wait until an incident is in progress to ask.

If you have recently stood down or retired, do not assume that support has continued automatically, or that all of it has ended. Ask your former party, the Parliamentary Security Department or your local force what still applies to you, keep a record of who to contact, and make sure your family knows the reporting routes in this briefing. The habits of office are easy to lose; the exposure is not.

Digital protection also exists, and too few eligible people use it. The NCSC operates two opt-in services for high-risk individuals: an Account Registration service, through which the NCSC can alert you if it detects malicious activity against your personal accounts, and Personal Internet Protection, which adds a layer of defence on personal devices by warning about, and blocking outgoing traffic to, domains the NCSC knows to be malicious. Both were expanded ahead of the 2024 general election precisely because candidates' and officials' personal accounts were assessed as attractive espionage targets. If you think you may qualify, ask through your organisation, party or the NCSC directly. Journalists, activists and civil society figures who fear they may be spyware targets can additionally seek free expert help from the Access Now Digital Security Helpline, the route Citizen Lab recommends.

What to do if your details appear online

Data brokers, past breaches and malicious websites can publish your address, phone number, family contacts or photographs. The information is not your fault, but you can reduce the harm. Personal addresses are a particular concern because they directly expose your home and family to physical risk. The UK gives public figures more suppression mechanisms than most people ever use, work through them systematically:

  • Electoral register. Opt out of the open (edited) register, which is sold to third parties. Those at genuine risk can go further and apply for anonymous registration, which keeps your name and address off the published register entirely.
  • Ballot papers and nominations. Candidates can choose to have their constituency or local area printed instead of their home address. Take that option every time.
  • Register of interests. Councillors can ask their monitoring officer to treat their home address as a sensitive interest and withhold it from the published register, the LGA is campaigning to make this the default.
  • Companies House. If you are or have been a director, your filings may expose your home. Use a service address for all roles, and apply to Companies House to suppress your residential address from historical public documents.
  • Land Registry and utilities. Use a correspondence address distinct from the property where possible, and treat utility accounts, deliveries and event registrations as address leaks to be closed.
  • Websites and domains. If you own domain names, switch on registrar privacy so WHOIS records do not publish your home address.
  • Remove your details from data brokers. Subscription removal services and manual opt-out procedures can meaningfully reduce exposure over time, and Google's personal information removal tools can be used to request removal of doxxing content, explicit imagery and sensitive financial or medical information from search results.
  • Monitor and alert. Set up alerts on your name, address and family members' names so you know when new information appears, doxxing often targets relatives first, so brief them too.
  • Review your offline records. Keep copies of tenancy or ownership documents, utility bills and anything that proves your address offline and encrypted. A Firevault OSS vault or digital safe deposit box gives you a structured way to do this at scale.

Build a personal continuity plan

Public life is unpredictable. A device can be lost, stolen, seized or compromised. Accounts can be locked. You should be able to recover quickly.

  • Keep an encrypted, offline backup of the digital assets and documents you cannot afford to lose. A widely used rule of thumb is 3-2-1: three copies of important data, on two different types of media, with one held offline. Test that you can restore them. Firevault's Offline Secure Storage (OSS) is designed for exactly this: a vault or digital safe deposit box that keeps your crown jewels out of reach of online compromise.
  • Maintain a written, offline contact list. If you lose your phone, you still need the numbers that matter.
  • Document your account recovery codes. Store them securely and offline.
  • Agree an escalation plan. Know who you will call first if a threat appears credible.

Final note

Technology alone cannot remove every risk faced by public figures, and no honest adviser will tell you otherwise. But the pattern across every threat in this briefing, state espionage, fixated individuals, doxxing, extortion, is the same: the damage an adversary can do is bounded by the data they can find, steal or destroy. You cannot control whether you are targeted. You can decide, in advance, what a successful attack is able to reach. Shrink the public footprint. Harden the accounts. And vault what matters, so that the material you could never replace, and the evidence and records you would need on the worst day, sit offline, intact and under your control.

Mark Fermor is Director and Co-Founder of Firevault, which builds Offline Secure Storage (OSS) for individuals and organisations that cannot afford to lose or leak their most sensitive data. Firevault's OSS vault and digital safe deposit box keep what matters most offline, and under your control. Disconnect to Protect®.

References

  1. National Cyber Security Centre, Guidance for high-risk individuals on protecting your accounts and devices, ncsc.gov.uk/collection/defending-democracy/guidance-for-high-risk-individuals
  2. National Cyber Security Centre, Cyber security for high-risk individuals (summary guide), ncsc.gov.uk/files/Cyber-security-high-risk-individuals.pdf
  3. NCSC, CISA, FBI, NSA, ASD ACSC, CCCS & NCSC-NZ, Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns (joint advisory), ncsc.gov.uk/news/star-blizzard-continues-spear-phishing-campaigns
  4. National Cyber Security Centre, UK and allies expose Russian intelligence services for cyber campaign of attempted political interference, ncsc.gov.uk/news/uk-and-allies-expose-cyber-campaign-attempted-political-interference
  5. National Cyber Security Centre, NCSC ramps up support for those at high risk of cyber attacks ahead of election (Account Registration & Personal Internet Protection), ncsc.gov.uk/news/ncsc-support-those-high-risk-cyber-attacks-ahead-election
  6. National Cyber Security Centre, NCSC warns of messaging app targeting (2026 alert), ncsc.gov.uk/news/ncsc-warns-of-messaging-app-targeting
  7. National Cyber Security Centre, Mitigating malware and ransomware attacks, ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
  8. National Cyber Security Centre, Offline backups in an online world, ncsc.gov.uk/blog-post/offline-backups-in-an-online-world
  9. The Citizen Lab (with Access Now), By Whose Authority? Pegasus targeting of Russian & Belarusian-speaking opposition activists and independent media in Europe, citizenlab.ca/research/pegasus-russian-belarusian-speaking-opposition-media-europe
  10. The Citizen Lab, Espionage Against the European Parliament: Member of Committee Investigating Spyware Hacked with Pegasus, citizenlab.ca/research/member-of-committee-investigating-spyware-hacked-with-pegasus
  11. Protection Command, Metropolitan Police Service, overview, en.wikipedia.org/wiki/Protection_Command
  12. Google Search Help, Remove personal information from Google ("Results about you"), support.google.com
  13. Speaker's Conference on the security of MPs, candidates and elections, First Report (HC 570) and Second Report (HC 1303), with Government, NPCC and Electoral Commission responses, committees.parliament.uk/committee/741/speakers-conference-2024
  14. Electoral Commission, Response to the Speaker's Conference report, including May 2025 candidate research, electoralcommission.org.uk/media-centre/electoral-commission-responds-speakers-conference-report
  15. Local Government Association, Debate Not Hate campaign and annual councillor surveys, local.gov.uk/about/campaigns/debate-not-hate
  16. The Jo Cox Foundation, Jo Cox Civility Commission: No Place in Politics, tackling abuse and intimidation, jocoxfoundation.org/our-work/respectful-politics/commission
  17. GOV.UK, Register to vote: the open register opt-out and anonymous registration, gov.uk/register-to-vote
  18. GOV.UK / Companies House, Using a service address and applying to suppress your residential address from public documents, gov.uk/government/organisations/companies-house

About the author

Mark Fermor

Mark Fermor

Director & Co-Founder

Co-founder of Firevault, focused on offline secure storage and protecting individuals and businesses from fraud, fines, loss and damage. Speaker, owner and advisor.

Share this article

Breaking News
Guides14 July 202622 min read

Urgent Briefing and Advice: Protecting Personal Data for High-Profile Figures in the Public Eye

Practical steps for serving and former politicians, councillors, campaigners, journalists, executives, broadcasters and anyone in the public eye, covering email security, device hygiene, threat handling and offline secure storage.

Urgent Briefing and Advice: Protecting Personal Data for High-Profile Figures in the Public Eye
Mark Fermor
Published by Mark Fermor, Director & Co-Founder