1k Data Breaches Later, the Disclosure Lag Is Worse
Article excerpt
Troy Hunt's analysis of 1,000 data breaches tracked on his Have I Been Pwned platform reveals a troubling trend: the lag between when a breach occurs and when it is publicly disclosed has grown significantly worse. Companies are taking longer to notify affected users and the public, despite regulations like GDPR and various state privacy laws that mandate rapid disclosure. Hunt's data suggests the lag has increased over recent years, raising questions about whether current legal frameworks are effectively incentivizing companies to act quickly when breaches happen. The findings underscore a persistent tension between corporate notification practices and regulatory requirements meant to protect consumers.