All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

1,000 Data Breaches on Have I Been Pwned: Disclosure Delays Are Getting Worse

By

Troy Hunt

2d ago· 8 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

A baker's-dozen of insight crammed into one ring.

Score100TypeanalysisSentimentnegative

Summary

The article marks the 1,000th data breach loaded into Have I Been Pwned (HIBP), reflecting on why the service is still necessary despite privacy regulations like GDPR and CCPA. The key issue highlighted is that disclosure lag times for data breaches are getting worse, not better, meaning victims remain unaware of exposures for increasingly long periods. The author questions the effectiveness of current privacy regulations in preventing or promptly disclosing breaches.

Key quotes

· 3 pulled
Today, I loaded the 1,000th data breach into Have I Been Pwned.
why is it still needed? Especially considering the emergence of privacy regulations such as GDPR and CCPA in the 12 and a half years since I started HIBP, what possible purpose does it still serve?
The title kinda gives the answer away, and the big number we hit today coincided with another pattern that makes everything worse: increasingly long lag times for disclosure.
Snippet from the RSS feed
Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially consideri

You might also wanna read

Why Faster Vulnerability Alerts Are Critical: Attackers Exploit Flaws Within 24 Hours of Disclosure

Attackers can exploit newly disclosed vulnerabilities within 24 hours, often before organizations receive alerts. The article argues that tr

hendryadrian.com·9d ago

Charter Communications data breach affects 4.9 million accounts

bleepingcomputer.com·11d ago

Edmunds Data Breach: 178,000 Records Exposed by ShinyHunters Hacking Group

In January 2026, the automotive research and car-shopping platform Edmunds was breached by the ShinyHunters hacking group. The compromised d

haveibeenpwned.com·9d ago

Dutch privacy watchdog sees 75% surge in complaints to over 13,500 in 2025

The Dutch data protection authority (AP) received over 13,500 privacy complaints in 2025, a 75% increase from the previous year. Most compla

dutchnews.nl·1d ago

Essex NHS trust discloses data breach of thousands of patient records six months after cyber attack

An Essex NHS trust (MSE) has disclosed a data breach involving thousands of patient records stolen in a cyber attack on Synnovis, a patholog

bbc.co.uk·2d ago

Baker Distributing Data Breach: 103K Records Exposed by ShinyHunters Extortion Group

In May 2026, HVAC/R wholesale distributor Baker Distributing Company was targeted by the ShinyHunters data extortion group, who added the co

haveibeenpwned.com·3d ago