Data at risk

Potentially Personal Identifying Information found – Email Addresses

Risk Level

Hazardous (3)

  • Non-platform specific

Compliance Frameworks
  • ,
  • NIST 800-53
  • ,
  • SOC 2

About Personal Identifiable Information

Personal identifiable information (PII) is any data that can be used to uniquely identify a person. PII examples include name, Social Security number, telephone number, retina scans, and MAC addresses (or device IDs).

PII is often the most sensitive and valuable data stored by an entity and therefore a prime target for threat actors. Securing it—both at rest and in transit—is critical, especially in the cloud. If PII gets into the hands of malicious actors, it can cause significant harm to the exposed persons as well as your organization. Possible consequences include identity theft, data breach, reputational damage, and regulatory fines.

Cloud Risk Description

Protecting PII in the cloud can be challenging given the size of the attack surface. Therefore, it’s important to never store it as plain text or in the same tables, schemas, or databases as other data. In addition, do not store plain text PII (e.g., email addresses) on cloud assets like VMs or containers.

How Can Orca Help?

Orca detects sensitive data at risk across both the workload and control plane and, if found, dispatches an alert along with remediation steps and exact data location  (see screenshot). Since leakage of such confidential data is also subject to security compliance regulations (and large fines), the alert is prioritized so that security teams will know to immediately remediate the issue.


Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.