In March 2026, Maersk’s Rotterdam headquarters was targeted for the third time in under a year. Windows broken, red paint across the façade, “Boycot Israël” sprayed on the building. Weeks later, Palestine Action covered DSV’s Rotterdam office in the same red paint. Both companies had been identified as links in a supply chain. Both had their physical locations found through nothing more specific than a company website and a mapping service.
The targeting of corporate offices is documented and escalating across Europe. What is less often discussed is what happens when the same research that finds the office turns toward the people who run it.
What you can do now
The information that identifies a company also identifies its leadership. Before getting into how that research works, here is what you can do to reduce your personal exposure.
Review your LinkedIn profile
Job title, employer, and headshot are sufficient to confirm your identity. The additional information many executives leave public — current location, phone number, email address, connections list — narrows the search considerably. Your connections list can reveal your family members who also have LinkedIn profiles, your social circle, and your residential area. Set it to visible only to connections.
Discuss online exposure with direct family members and review theirs in the same conversation
Removing your own data from public sources does not help if your partner’s Instagram shows your street, your children’s school appears in a tag, or a family member’s profile lists your shared residential area. Recorded Future’s review of documented doxing campaigns found that an executive had removed their own personal data from people-search sites — attackers found the family’s home address on the exact same sites, untouched, because family members were listed as known associates in the site’s own relationship graph.
Separate your professional and personal email addresses
Breach data frequently links accounts registered to the same address. One address used across both professional and consumer accounts creates a traceable thread across multiple databases.
Use a business address for professional registrations
This includes board advisory bios, conference speaker profiles, charity trustee registrations, and professional membership directories. In the UK, Companies House director registrations have historically exposed home addresses directly. Suppression applications have been available since 2023 reforms, but many existing registrations remain unfixed.
Search for yourself and your family members quarterly
Include your full name, your residential area, and your company. Set up name alerts so new references surface as they are published. If you want a structured baseline rather than an ad hoc search, a specialist firm can produce a report covering what is currently findable across open sources, people-search platforms, and breach databases.
Know whether your company is being discussed in the context of activist campaigns
Set up a Google Alert or Bing Alert combining your company name with terms such as “vandalism”, “activists”, “boycott”, and “protest action” — this surfaces press coverage and public posts before an incident reaches your desk. Sustained negative sentiment toward an organisation in activist channels typically precedes physical action by days or weeks. That window exists to act.
If your company operates in a sector that has already appeared in an activist target chain, the time to map personal exposure is before an incident occurs. A Shield investigation maps your current footprint and establishes a monitoring baseline.
Talk to an AnalystHow targets are selected
The Palestine Action campaign against European corporate targets has been operational since at least 2023. Targets are identified through published commercial relationships: who provides insurance to an Israeli defence contractor, who banks them, who ships for them, who manages their office space, who holds their bonds in an investment portfolio.
Source material includes insurance industry publications, company filings, investment disclosures, and property management records. All are public. Recorded Future’s analysis of Palestine Action’s operations and global network documents active campaigns across the UK, Netherlands, Germany, Ireland, Italy, Sweden, Belgium, Norway, France, and Austria.
The range of companies that have had European offices physically targeted in 2025–2026 shows how broadly that supply chain definition is applied:
- Maersk (Rotterdam) — shipping and logistics, three incidents in under twelve months
- DSV (Rotterdam) — logistics, May 2026
- Allianz — insurance, dozens of European locations since October 2024, including Germany, Ireland, and the UK
- Aviva — insurance, targeted three times in 2025
- Chubb — insurance, Glasgow, April 2026
- BBC London — editorial stance on the conflict, February 2025; BBC Newcastle, June 2025
- Legal & General — investment management, London, October 2025
- Elbit Systems Ulm — the primary target’s own facility, September 2025; five activists currently on trial in Germany
- Ministry of Justice — London, December 2025
Each was identified through open sources. Each had its physical location confirmed through nothing more specific than a company website or a mapping service. The diagram below shows the research chain.
The escalation to personal addresses
On 29 September 2025, Shut the System — a group that operates in coordination with Palestine Action — targeted two Barclays senior executives in the UK at their personal residences. Red paint was sprayed outside their homes. Letters were sent to their neighbours.
This is documented in Recorded Future’s analysis of Palestine Action’s operations and global network.
An executive’s home address is not meaningfully harder to find than the company office address. In many cases it is easier. LinkedIn confirms the employer and seniority level. From there, the same research methods that located the company — public registers, professional directories, social media triangulation — locate the person.
The connective layer
LinkedIn is the primary bridge. An executive profile typically confirms employer, seniority, general location, educational background, and professional network. Combined with a family member’s social media, a speaker bio, or a charity trustee filing, a residential area becomes confirmable.
The pattern documented in US doxing campaigns reviewed by Recorded Future is instructive: threat actors “almost certainly only need to obtain basic PII about the target — such as a home address, email address, or phone number — to enable” physical threat operations. The standard is low. The research is not technically sophisticated. It relies on information that executives and their families have already made available.
Why Europe presents a harder problem than the US
In the United States, the primary enabling layer for personal doxing is people-search websites — aggregators that compile public records and sell access. These can be opted out of, imperfectly but meaningfully. Removal services exist that submit requests at scale.
In Europe, the equivalent infrastructure is different in character. Some national property registers require professional credentials to query by name, which is a genuine structural protection that does not exist in the US equivalent. But LinkedIn penetration among European executives is high. In the UK, HM Land Registry title register enquiries are accessible to anyone for a small fee per search. Companies House director registrations have historically been unprotected. Professional networks — board memberships, advisory roles, speaker programmes — create a rich public record of seniority, employer, and location that operates independently of any property register.
The opt-out infrastructure available in the US does not exist in Europe in equivalent form. What does exist is an established activist research methodology, documented European operations running for over two years, and a confirmed September 2025 case in which senior executives’ home addresses in the UK were found and acted on.
The corporate office is the first target. The people who run it are a LinkedIn search away from being the second.
Sources
- Recorded Future / Insikt Group, Violent Extremists Dox Executives, Enabling Physical Threats, March 2024
- Recorded Future, Palestine Action: Operations and Global Network, 2025
- Nieuwsopbeeld, Maersk Rotterdam vandalism, 2 March 2026
- The Canary, Allianz targeted by Palestine Action twice in 24 hours, 10 March 2025
- The Canary, Allianz hit by Palestine Action Éire, 15 November 2025
- Anadolu Agency, BBC headquarters sprayed with red paint, February 2025
- GB News, Palestine activists target London and Glasgow offices, January 2026
- Al Jazeera, Germany activists Elbit raid, April 2026