Government

A 10-post collection

Welcoming the Canadian Government to Have I Been Pwned

Following in the footsteps of many other national governments before them, I'm very happy to welcome the Canadian Centre for Cyber Security to Have I Been Pwned. The Canadian Centre for Cyber Security now has full and free access to query all Canadian federal government domains across both past and future breaches. Canada's inclusion in the service brings the total to 11 federal governments across North America, Europe and Australia. I hope to include more parts of the world in the coming months....

Welcoming the Icelandic Government to Have I Been Pwned

Hot on the heels of onboarding the USA government to Have I Been Pwned last month, I'm very happy to welcome another national government - Iceland! As of today, Iceland's National Computer Security Incident Response Team (CERT-IS), now has access to the full gamut of their gov domains for both on-demand querying and ongoing monitoring. As with the USA and Iceland, I expect to continue onboarding additional governments over the course of 2020 and expanding their access to meaningful data about breaches that impact their departments....

Welcoming the USA Government to Have I Been Pwned

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA). CISA now has the ability to query US government domains via API and receive notifications when they're impacted in subsequent data breaches. Over the coming months I expect to continue expanding the scope of government support in HIBP. For now, it's a big welcome to the USA and I'm enormously...

Welcoming the Danish Government to Have I Been Pwned

In a continued bid to make breach data available to the government departments around the world tasked with protecting their citizens, I'm very happy to welcome the first country onto Have I Been Pwned for 2020 - Denmark! The Danish Centre for Cyber Security (CFCS) joins the existing 7 governments who have free and unbridled API access to query and monitor their gov domains. As the year progresses, I'll keep onboarding additional governments to help consolidate existing searches their departments have been independently running and provide greater visibility at a national level....

Welcoming the Swiss Government to Have I Been Pwned

I recently had the pleasure of spending a few days in Switzerland, firstly in Geneva visiting (and speaking at) CERN followed by a visit to the nation's capital, Bern. There I spent some time with a delegation of the National Cybersecurity Centre discussing the challenges they face and where HIBP can play a role. Continuing the march forward to provide governments with better access to their departments' data exposed in breaches, I'm very pleased to welcome Switzerland as the 7th national government onto Have I Been Pwned! They'll join the other govs in Europe and Australia and have complete free and direct API access to all the breached addresses appearing on their government domains. I expect to keep on-boarding further...

Welcoming the Norwegian Government to HIBP

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the role HIBP can play in helping them tackle those challenges. During my time in Norway, that included spending time with their National Cyber Security Centre in Oslo. Today, I'm very happy to welcome Norway as the 6th national government onto Have I Been Pwned! You'll see more national governments come on board in the near future but for now, it's...

Welcoming the Irish Government to Have I Been Pwned

Over the last year and a bit I've been working to make more data in HIBP freely available to governments around the world that want to monitor their own exposure in data breaches. Like the rest of us, governments regularly rely on services that fall victim to attacks resulting in data being disclosed and just like the commercial organisations monitoring domains on HIBP, understanding that exposure is important. To date, the UK, Australian, Spanish and Austrian governments have come onboard HIBP for nation-wide government domain monitoring and today, I'm happy to welcome the Irish government as well. They now have access to all .gov.ie domains and a handful of other government ones on different TLDs. A big welcome to...

Welcoming the Austrian Government to Have I Been Pwned

Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so the task could be performed centrally rather than having the effort replicated over and over again by individual departments. Before this effort, there were hundreds of gov domains being manually monitored by separate departments across those governments -...

Welcoming the Spanish Government to Have I Been Pwned

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely, .gov.uk and .gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs. In that post, I also committed to transparency as it relates to government access and as part of that, today I'm happy to welcome the Spanish government to HIBP. As with many countries, Spain has a governmental CERT (Computer Emergency Response Team)...

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

If I'm honest, I'm constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?" I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft's Azure. I ran it on a coffee budget (the goal was to keep the operating costs under what a couple of cups from a cafe each day would cost) and I made it freely accessible. And then it took off....