Coalition Exposure Tool
Main Site

Coalition Exposure Tool

Is your organisation’s data already out there?

Customer records and confidential documents are being exposed on publicly available platforms every day — often long before a breach is ever declared. Check now.

The Coalition of Cyber Investigators continuously monitors publicly available locations using proprietary OSINT workflows and cutting-edge investigative tools and techniques.

Who this is for

Whether the exposure is your organisation’s to manage, or you’re acting on someone else’s behalf.

If the exposure is yours to manage

CISOs, risk, compliance and fraud leaders, general counsel and the board. Establish quickly whether your organisation’s documents and customer data are exposed, understand the risk, and act on evidence rather than assumption.

If you’re acting for others

Legal, insurance, forensic and advisory teams. Check a client’s or member’s exposure, and commission a full intelligence report to support your work.

How It Works

How The Coalition of Cyber Investigators identifies exposed documents

Research

We monitor publicly available locations using proprietary OSINT workflows and cutting-edge investigative tools to detect exposed customer data and confidential business documents.

Identify

Exposed documents are catalogued by type, source location, and a sanitised description of visible PII — without revealing sensitive data.

Report

Organisations receive a detailed report to help investigate the breach, remediate exposure, determine reporting obligations, and protect both customer data and their reputation.

Why This Matters

Our investigative techniques consistently surface exposed documents that commercial cyber threat intelligence feeds have failed to detect. In many cases, the material we identify has been publicly accessible for years — sometimes in excess of 15 years — yet remained entirely invisible to conventional monitoring solutions. This gap between what standard tools report and what actually exists in the public domain is precisely where organisational risk quietly accumulates.

The Investigators Behind This Tool

This tool is maintained by The Coalition of Cyber Investigators — a global think-tank uniting leading experts in investigations, cybercrime and OSINT. Its founders bring over 110 years of combined experience.

Paul Wright

Co-founder (United Kingdom)

A recognised authority in cybercrime, digital forensics and complex investigations with 40+ years’ experience. Founder of eCrime Intelligence and an expert witness in formal proceedings worldwide.

Neal Ysart

Co-founder (Philippines)

40+ years in investigations, cybercrime and OSINT. A former Scotland Yard officer who set legal precedents in internet investigations, a former Big Four Forensic practice leader, and headed Deloitte’s Forensic practice in the Philippines.

Lajos Antal

Founding Member (Hungary)

Almost 30 years in cyber forensics and investigations. Former Big Four leader who headed Deloitte’s Central Europe Cyber Security practice for 14 years.

How We Can Help

Beyond this tool, The Coalition of Cyber Investigators offers a range of services to organisations whose data has been exposed — all led by experienced investigators.

Bespoke Investigations

Our core service

Hands-on investigations led by experienced investigators, not automated scans. We examine an organisation’s publicly exposed footprint in depth, map where compromised material is surfacing, and report our findings clearly so decision-makers can act on evidence. Where genuine data surfaces, we can conduct independent internal investigations to establish whether an organisation has been compromised from within — combining interviews, digital forensics and open-source intelligence analysis.

Comprehensive Exposure Report

A full, sanitised intelligence report on the exposed material linked to a named organisation — going well beyond the sample shown here, so leadership can see the fuller picture and act. Where required, the report can also feed your takedown and reporting activities.

Ongoing Monitoring

Continuous surveillance with alerts when new exposed material appears, rather than a single snapshot in time.

Expert Reports & Litigation Support

Formal, documented findings suitable for use in disputes, regulatory matters and due diligence — supporting legal advisers and their clients.

Fraud Risk Assessment

A structured assessment of how exposed documents and data could be exploited against an organisation and its customers — helping identify vulnerabilities and prioritise the controls that reduce fraud risk.

Our Approach — and its Limits

We believe credibility comes from being clear about what we do, how we do it, and what we deliberately do not claim.

Public sources only

Everything we catalogue is found on publicly accessible platforms. We do not hack, intrude, or access anything that is not already openly available.

We do not obtain, purchase or store leaked data

Our role is to identify and report where material is exposed — not to collect or hold it.

Everything shown is sanitised

Sensitive personal data is redacted. What appears on this tool is a description of what exists, not a clear republication of it.

We do not assert a confirmed breach

The presence of a document — genuine or fabricated — is a reason to investigate, not a conclusion. We report what we find and why it warrants attention.

Only the named organisation can establish the truth

Whether a document is authentic or not can only be determined by the institution whose brand it bears, through checking against its own internal records. That determination rests with the company concerned, not with us. We are, however, available to provide independent, expert support if required.

Disclaimer: The information provided by this tool is based on open-source intelligence research and is intended for informational purposes only. It does not constitute legal, regulatory, or cybersecurity advice. Before taking any action based on these findings — including but not limited to breach notification, regulatory disclosure, or remediation — organisations must independently verify all material against their own systems and records. Publicly exposed documents may include both genuine data breaches and fabricated artefacts originating from Fraud-as-a-Service operations. The Coalition of Cyber Investigators makes no warranty as to the accuracy or authenticity of individual findings and accepts no liability for actions taken without prior independent verification. Should you require guidance on interpreting or acting upon these findings, The Coalition of Cyber Investigators is available to advise.