NCSC joins international breach notification service

The GCSB’s National Cyber Security Centre (NCSC) has joined the government programme(external link) of the service Have I Been Pwned?(external link) (HIBP).

HIBP enables individuals or organisations to identify whether an email address they own has been exposed in a public data breach. Email addresses disclosed in data breaches are collected by malicious cyber actors and may be used to tailor their attacks to specific victims, increasing the risk of cyber security incidents.

HIBP’s government programme enables the NCSC to receive alerts from this service for official New Zealand Government email addresses disclosed in data breaches. This includes, and is limited to, addresses ending in,,, and Once the NCSC receives an alert, it can notify the affected agency and provide advice.

HIBP shares only email addresses affected by a data breach with the NCSC. Alerts may reference other affected types of information associated with the email (such as a password), but the information itself is not shared.

Over time, the alerts will also provide the NCSC with insights into cyber hygiene across government, supporting more effective cyber security policy and resilience initiatives.

HIBP offers membership to the government programme at no cost.


Media contact: