screen grab from

Has .gov been pwned?

Have I Been Pwned, a website that allows users to see if their email address is associated with a data breach, is now being used by Australian and United Kingdom governments to monitor their domains.

The service was created by Troy Hunt, an Australia-based independent security expert. Hunt announced the government projects in a blog post.

The Microsoft Azure-hosted allows individuals to check to see whether their email address has been compromised, and organizations can check whether any of their domain's addresses have shown up in any of the data breaches currently tracked by the system.

With this announcement, all U.K. government domains have been enabled for centralized monitoring by the National Cyber Security Centre. Likewise the Australian Cyber Security Centre can monitor all domains on demand, Hunt wrote.

Although the governments will be using a commercial version of the service, Hunt is making it available for free.

Officials will be able to query email address associated with their domain respective -- or -- and set up alerts to be notified if any domain becomes associated with a new breach.

“It means that within minutes of one of their email addresses being found and loaded into HIBP, they'll know about it,” Hunt said in his blog post.

Hunt is working with other governments to monitor their domains at no cost. "I can’t go into detail on which governments I’m speaking to until they’re happy to announce it publicly," he told GCN.  "I hope to be able to share details on those once they come onboard."

In his testimony before the House Energy and Commerce Committee last year on identify verification, Hunt said many people don't learn they’ve been involved in a data breach until years later. And due to a lack of accountability there isn’t much incentive to make changes, he told lawmakers.

“They trade-off the cost of implementing security controls against the likelihood of a data breach occurring and inevitably, often decide that there’s not a sufficient return on investment in further infosec investments," he said at the hearing. "Without greater accountability on behalf of the organisations involved, it’s hard to see the status quo changing”

About the Author

Matt Leonard is a former reporter for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected