There’s an Analog Hole in Your Data Security—and It’s Leaking

January 26, 2026

In the digital age, companies have built fortresses around their vast data stores. Encryption, multi-factor authentication, sophisticated role-based access controls, and advanced data loss prevention (DLP) tools form powerful layers of defense against external bad actors.

Insider threats, however, are harder to defend against. Some leaks are accidental or the result of social engineering and can be addressed by training and layered technologies that support Privileged Access Management (PAM), Zero Trust Security Models, Data Loss Prevention (DLP), and Digital Rights Management. 

But increasingly, internal bad actors are bypassing these security measures using low-tech methods and exfiltrating data through the “analog hole.”

What Is the Analog Hole, and Who’s at Risk?

Once data and information access is granted to authorized users, it’s rendered in an analog form as an image on the screen. Insiders can then photograph the screen or take screen captures and share them on social media, news sites, or online forums.

This is the analog hole, and internal bad actors can use it to leak critical business information. Some insiders do it for notoriety—and because they think they can’t be traced. Others are disgruntled and want to cause material harm to a business. Many are recruited by hackers, who bribe them with large sums of money to gain access to valuable information, such as IP, customer data, product designs and images, factory layouts, AI algorithms, and more.

The analog hole makes every employee, contractor, influencer, and ecosystem partner with a phone a potential leak risk, regardless of the access controls IT has in place. And it’s not just a theoretical risk. Low-tech, image-based leaks are a serious and growing threat to every business in every industry, as illustrated by the following recent examples in:

  • Cybersecurity: CrowdStrike recently fired an employee for sharing screenshots of dashboards containing links to company resources, including a user’s Okta dashboard for accessing internal apps, all facilitated by a $25,000 bribe from the Scattered Lapsus$ Hunters hacking collective.
  • Financial services: A TD Bank employee working in the anti-money laundering department used her cellphone to take images of 255 checks with names of customers. The employee sold the information on a Telegram channel, ultimately resulting in over $500,000 in losses.
  • Consumer electronics: HP experienced screen-based leaks in late December 2025 and early January 2026 that detailed roadmaps, high-resolution images, product names, and specifications for HP's entire CES 2026 portfolio.
  • Cryptocurrency: In 2024, Coinbase was hit by a cyberattack when cybercriminals recruited and bribed support agents working at an overseas, third-party firm to leak sensitive personal information. The leak impacted 70,000 customers and resulted in an estimated $400 million in losses.
  • Entertainment and toy manufacturing: Digimarc is working with a toy manufacturer that relies on influencer marketing, but is having embargoed product images and details leaked before product releases, jeopardizing partnerships and revenues.

No doubt, these enterprises all had the best firewalls, endpoint detection systems, and AI-driven anomaly monitoring in place—technologies that excel at securing data in transit and at rest. But they can't control what happens after data is rendered on-screen, when the data becomes "analog" again, and by default, susceptible to low-tech interception methods that bypass high-tech safeguards.

The Analog Hole Keeps Getting Bigger—and Riskier

Recent trends in data access and utilization have widened the analog hole, making it faster and easier for insiders to aggregate more and increasingly valuable information into individual screens. These include:

  • Widespread use of employee portals: More businesses are deploying employee portals that streamline and centralize employee access to business data, applications, systems, and processes. This just makes it faster and easier for insiders to create condensed views of sensitive and confidential information and insights.
  • Embedded, democratized AI: Tools like Retrieval-Augmented Generation (RAG) and generative AI are democratizing access to vast internal knowledge bases and enabling even non-technical employees to query large databases using natural language. Similarly, AI assistants can display synthesized insights from sensitive sources, which users can easily screenshot and post online, creating significant, embedded risks.
  • Process outsourcing to SaaS providers: As businesses outsource more work to third parties (for example, loan processing for banks), they are vastly increasing both data spread and employee vulnerabilities, as the Coinbase attack illustrates.
  • Work-from-home trends: When people work from home, they access information and systems remotely—often through employee portals. They can easily use their personal phones to take photos or videos of sensitive on-screen information, without any worry about being observed.
  • The ubiquity of mobile phones: Today, everyone has a mobile phone, and often two: one for work and another for personal use. These devices make it incredibly easy for insiders to sneak pics of screens at home and even in a busy office.

Take Action to Minimize and Trace Leaked Screen Images 

The good news is, the analog hole can be managed using proactive, multi-layered technologies that include physical, behavioral, and traceable elements that insert unique identifiers tied to users, timestamps, or devices. 

For example, Digimarc’s leak detection solution adds a covert security layer to on-screen content that embeds user-attributable information (such as a username or session ID) into screen images. If a screen capture or photo is leaked externally, this embedded information enables IT to quickly trace images back to perpetrators, hold them accountable, and stop future leaks.
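As an added illustration (not Digimarc’s implementation and not code from this post), the example below covers only the attribution payload and the tracing lookup for a per-session mark like the one described above; how the bits are hidden in and recovered from pixels is out of scope. The names `issue_mark`, `trace` and `REGISTRY`, the 48-bit payload and the 5x repetition code are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # server-side secret, never sent to the client
REPEAT = 5                     # assumed: each payload bit is embedded 5 times
PAYLOAD_BITS = 48              # 32-bit mark id + 16-bit truncated MAC
REGISTRY = {}                  # mark id -> (username, session_id)

def _tag(mark_id):
    # Truncated MAC: a misread or forged id is rejected, not pinned on someone.
    return hmac.new(KEY, mark_id, hashlib.sha256).digest()[:2]

def issue_mark(username, session_id):
    """Return the bit sequence to embed in this session's rendered screens."""
    mark_id = secrets.token_bytes(4)
    REGISTRY[mark_id] = (username, session_id)
    payload = mark_id + _tag(mark_id)
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    return [b for b in bits for _ in range(REPEAT)]

def trace(recovered):
    """Majority-vote the repeated bits, verify the MAC, look up the session."""
    if len(recovered) != PAYLOAD_BITS * REPEAT:
        return None
    bits = [int(sum(recovered[i:i + REPEAT]) > REPEAT // 2)
            for i in range(0, len(recovered), REPEAT)]
    payload = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                    for i in range(0, PAYLOAD_BITS, 8))
    mark_id, tag = payload[:4], payload[4:]
    if not hmac.compare_digest(tag, _tag(mark_id)):
        return None
    return REGISTRY.get(mark_id)

if __name__ == "__main__":
    # Constructed sample: one session, then a "photographed" copy with bit errors.
    mark = issue_mark("alice", "sess-001")
    noisy = list(mark)
    for g in range(0, len(noisy), REPEAT):
        noisy[g] ^= 1          # one flipped copy per bit: still recoverable
    print(trace(noisy))
    tampered = list(mark)
    for i in range(len(tampered) - REPEAT, len(tampered)):
        tampered[i] ^= 1       # all copies of one MAC bit flipped
    print(trace(tampered))
```

Returning `None` on a MAC mismatch matters for attribution: a damaged or manipulated mark yields no name rather than the wrong one.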

Digimarc’s solution can be combined with other technologies such as:

  • Endpoint and DLP solutions for managed devices.
  • Zero-trust architectures that restrict data display based on context (e.g., no sensitive views on unsecured networks).
  • AI-powered monitoring and governance that flags anomalies such as unusual screen activity or repeated views of high-risk data.
  • Frameworks like TRiSM (Trust, Risk, and Security Management) for AI to ensure governance extends to the display layer.

Digimarc Empowers IT to Take Swift Action

The analog hole underscores a timeless truth: No security is absolute when humans are involved. In 2026, as data and AI become more accessible than ever from PCs and handheld devices, companies must address this security vulnerability head-on and take swift action when leaked images are discovered. 

To learn more about how Digimarc can help you to trace leaked images back to their source, visit us online or watch the video.
