The Delicate Balance in Data Breach Reporting (Bank Info Security)


Troy Hunt’s free breach-notification service, Have I Been Pwned?, logs tens of thousands of visits per day, particularly when a major data breach is making news headlines. His service enables people to discover if their email address – and, by extension, their access credentials – have been compromised via breaches small and large, including leaks involving Adobe Systems (152 million credentials exposed), the Ashley Madison extramarital dating site (31 million credentials) and, most recently, LinkedIn (164 million credentials).

But running such a service is not without its complications. For starters, there’s a delicate balance to strike between informing the public and not divulging so much information that it could jeopardize people’s privacy, says Hunt, who was scheduled to speak at the AusCERT computer security conference near Brisbane, Australia, on May 27.

Hunt launched Have I Been Pwned? in late 2013 as a resource for the public and organizations, but he’s also a regular speaker at information security conferences and workshops around the world (see Top 10 Data Breach Influencers).