And it seems that another breach has been reported.
This time, it says 23 Million accounts may have been breached along with passwords of about 1/2 of those.
Can anyone keep up with the daily barrage of data breach announcements?
Not really, but I remember when these were not reported by corporations, as they were afraid for their reputations or CIOs/CISOs were afraid they would lose their jobs.
A number of organizations still require silence on these events, and only when things like GDPR (or other) audits highlight them do they come to light.
I applaud companies like Norsk Hydro and their openness on the ransomware that hit them. Believe it allows the benefit of their experience to be shared with the community (what happened, how they handled it, the final outcome).
To build off what @rslade said, if you are the primary security POC for your agency (or can at least get an email account set up that matches one of 4 parameters) you can get alerts from HaveIBeenPwned every time someone from your domain (@domain.extension) has an email identified in these new breaches.
I get these and then notify the users that whatever password they used in conjunction with their CORPORATE/BUSINESS email has been compromised and to never use that password, or any variation, again. It also helps me see how users are misusing the business email address they were given that was supposed to be for official use only.