Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so the task could be performed centrally rather than having the effort replicated over and over again by individual departments. Before this effort, there were hundreds of gov domains being manually monitored by separate departments across those governments - and thousands that weren't monitored at all.
Today, I'm welcoming the Austrian government on-board via their GovCERT department. They now have free access to perform on-demand searches of *.gv.at (along with a handful of other Austrian gov domains on different TLDs) via API and enrol any of those domains for monitoring which sends them callbacks via a webhook model each and every time one of their email addresses appears in a data breach. I'm sharing this update in conjunction with GovCERT Austria as part of the commitment I made to transparency when on-boarding the first governments.
Willkommen GovCERT Austria!