Tag Archives: Data Breaches

Data breach lists and identity theft victim resources

Some of the more comprehensive lists of known data breaches include:

Identity theft victims can receive advice from these websites:

HaveIBeenPwned website checks for emails and passwords included in data breaches

Security researcher Troy Hunt recently published his findings about a huge store of 773 million email accounts, along with some password information, that had previously been stored at a location accessible to hackers.

To check whether a specific email address was included in his list of data breaches, enter it at Troy Hunt’s website, haveibeenpwned.com. Passwords can be checked separately at haveibeenpwned.com/Passwords.

Firefox Monitor notifies you if your email address is part of a data breach

Mozilla announced the release of Firefox Monitor, a free tool that allows you to see if your email address was included in known data breaches. The service does not store your email address unless you subscribe to be notified of future data breaches that include your email address.

Firefox Monitor was developed as a collaboration between Mozilla and security expert Troy Hunt of HaveIBeenPwned.com (HIBP).

This Mozilla security tool is available at monitor.firefox.com.

General Data Protection Regulation (GDPR) goes into effect May 25th 2018

General Data Protection Regulation (GDPR) is a set of privacy rules that apply to any entity that handles personal data for customers in the European Union (EU). GDPR goes into effect May 25th 2018.

GDPR includes requirements such as the following:

  • the right to easy access to one’s own personal data;
  • the right to secure data protection by design and by default;
  • the right to data portability, or the ability for customers to move their data between companies easily upon request;
  • the right to know when one’s data has been compromised or breached;
  • the right to be forgotten, i.e. the ability to have one’s personal data deleted if there is no legitimate reason to retain the data.

The maximum penalty for GDPR non-compliance is 20 million euros or 4% of worldwide turnover, whichever is greater.

More information about GDPR is available at www.eugdpr.org and ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en.

Microsoft has published its own GDPR compliance guide and best practices at www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx.

Google has documented its own commitment to GDPR here.

Residents of Australia are covered under the Australia Privacy Act.