Maksim Kabakou - Fotolia

Q
Problem solve Get help with specific problems with your technologies, process and projects.

Is there a viable breach notification tool?

A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked.

Mozilla recently began testing an integration between Firefox Monitor and Have I Been Pwned to expand the Firefox Monitor breach notification tool to let users know about past data breaches. How does this tool work and how effective can it be for users?

Data breaches have become a significant problem, and one that requires immediate attention to ensure assets and individual data are protected. Enter breach notification.

When Social Security numbers or credit card numbers are stolen, the people affected must be notified. The Federal Trade Commission has a list of steps people should take if their data has been compromised.

The options aren't as clear when data other than Social Security and credit card numbers are stolen, however.

Consider a breach where an account -- and the email account associated with it -- is compromised. It's also possible the password was jeopardized. The type of breach notification users receive will depend on the website. It may send an email, post a notice on the homepage or add a breach notification when users access the site to alert them to the incident and explain what they need to do next to protect their accounts. The steps vary for each website and could require more than a password change.

Yet, it's easy for users to miss breach notifications and, as a result, those affected won't know what to do to protect themselves. But help is on the way.

For example, last fall, Mozilla introduced an integration between Firefox Monitor and Have I Been Pwned (HIBP) to notify users about security incidents on websites they visit. HIBP is a database compiled from known compromised websites that includes the email addresses exposed and other details about the incident. The Firefox Monitor breach notification lets users know if the website they're visiting has been recorded in the HIPB database.

While some issues still remain as this integration is implemented, its potential benefit could outweigh concerns involving market confusion or alert fatigue. For this tool to be successful, however, it will be important for its backers to explain how the data detailing breaches is validated and managed.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

This was last published in February 2019

Dig Deeper on Data security breaches

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What kinds of new procedures have you used to notify your customers of data breaches?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close