Today was all about this whole idea of how we index and track data breaches. Not as HIBP, but rather as an industry; we simply don't have a canonical reference of breaches and their associated attributes. When they happened, how many people were impacted, any press on the incident, the official disclosure messaging and so on and so forth. As someone in the video today said, "what about the Airtel data breach?" Yeah, whatever happened to that?! A quick Google reminds me that this was a few months ago, but did they ever acknowledge it? Send disclosure notices? Did the data go public? I began talking about all this after someone mentioned a breach during the week and for the life of me, I had no idea whether I'd heard about it before, looked into it, or even seen the data. Surely, with so many incidents floating around that have so much impact, we should have a way of cataloguing it all? Have a listen to this week's video and see what you think.
References
- Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
- I've previously given thought to how much easy access to data I give governments (but I do agree that redistributing data breaches to them raises a whole world of issues and is not a good idea)
- HIBP does has a list of the 809 data breaches I've already loaded into the system (but this is merely a subset; what about all the stuff that isn't in there because the data hasn't surfaced or there's no email addresses?)