1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

The 1,000th data breach has been loaded into Have I Been Pwned, a milestone that highlights the persisting issue of delayed disclosure. Despite the introduction of privacy regulations like GDPR and CCPA over the past 12 years, the time it takes for breaches to be disclosed has increased, exacerbating the problem. This lag allows attackers to exploit vulnerable systems for extended periods, putting more individuals at risk. The emergence of these regulations was expected to improve transparency and promptness in breach disclosure, but the opposite has occurred¹. The growing number of breaches and prolonged disclosure times underscore the need for continued vigilance and monitoring of personal data. This trend matters to security practitioners because it emphasizes the importance of proactive measures to protect sensitive information, as relying on timely disclosure is no longer a viable strategy.