A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely, .gov.uk and .gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs. In that post, I also committed to transparency as it relates to government access and as part of that, today I'm happy to welcome the Spanish government to HIBP.
As with many countries, Spain has a governmental CERT (Computer Emergency Response Team) which handles online incidents in the national interest. For the Spanish, that's the CCN-CERT and we've been working together to understand both their scope and how the mechanics of accessing their data in HIBP work. They'll now be able to query all whitelisted Spanish government domains on-demand and will receive callbacks via a webhook model when emails on those domains appear in data breaches in the future.
You'll see a number of other governments come onboard in the future but for now, it's a big welcome to the Spanish CERT. Bienvenido!