Data Breaches: How to Respond to a Tipoff of a Problem

Troy Hunt Says Transparent, Calm Communication Is Key
Troy Hunt, creator of Have I Been Pwned

What should an enterprise do when someone reaches out and claims to have the company's data or information about a breach?

There's no rule book for a response, and such an encounter can often take a confrontational turn for the worse, says Troy Hunt, an Australian data breach expert and creator of the Have I Been Pwned data breach notification service.

"When an organization is standoffish, immediately each side starts putting up their defenses and is reticent to share information or is looking for assurance and guarantees and things that often hinder the process," Hunt says.

In this video interview, Hunt discusses:

  • How to de-escalate situations where someone is threatening to release data;
  • Why inserting a page called "security.txt" into a website is the best way to send a positive signal to security researchers;
  • How the environment around reporting and responding to security vulnerabilities has somewhat improved.

Hunt created Have I Been Pwned, which notifies individuals when their email address turns up in breaches. He is a Microsoft regional director and MVP, Pluralsight author and internet security specialist. A frequent speaker at conferences around the world, he runs workshops focusing on secure authentication, best password practices and how to avoid data breaches.


About the Author

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
