Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica.

The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their national cybersecurity incident response team to identify exposure of government email addresses in data breach, support prevention and analysis activities, and respond more quickly when new incidents appear.

Costa Rica’s CSIRT plays a national role in cybersecurity incident response, helping coordinate, analyse, and respond to threats affecting the government and the broader digital ecosystem. We’re very happy to support that mission by providing visibility into breached government accounts and helping them proactively reduce risk across public sector services.

Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to "we're not making any statements". So did they pay? And if so, what lofty figure would an incident of this scale command? The lawsuits are already being prepared (search for "instructure class action lawsuit"), so perhaps that will be the catalyst for transparency. What a crazy time.