A contact list looks less sensitive than a contract, account statement or medical record. It can be more operationally useful to an adversary.
Names, roles, assistants, private numbers, advisers and recurring groups reveal the institution’s trust graph. The list identifies who can create urgency, who handles money, who bridges family and business, and who is likely to obey whom.
Relationships are the attack plan
An attacker does not need every private fact. They need the correct sequence: impersonate the adviser, contact the new assistant, cite the travelling principal and route the request through the person who normally solves problems.
Contact data also reveals isolation. A single person appearing across finance, travel, health and technology is a high-value target.
Value object — The Relationship Exposure Map
- Person and institutional role.
- Sensitive relationships visible from membership and frequency.
- Channels and directories containing the relationship.
- Adversarial use: impersonation, timing, coercion or recovery fraud.
- Minimum audience that genuinely needs the entry.
- Removal and correction owner.
Control exports and synchronisation
Contact data spreads through phone backups, vehicle systems, email clients, messaging apps, event tools and provider databases. Removing an entry from the central directory does not recall those copies.
Separate professional, private and emergency directories where consequence demands it. Restrict exports. Review applications that request full address-book access for a narrow feature.
Do not authenticate from the graph
Knowing the principal’s lawyer, child or recent visitor proves access to relationship intelligence, not identity. Verification must use registered channels and factors unavailable from the directory.
The institution’s contact graph is a map of how trust moves. Protect it like an operating diagram, because that is what it is.
