Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’s national CIRT, BtCIRT is responsible for consuming threat intelligence and sharing relevant insights with its constituents, helping identify and respond to cyber risks affecting government services and the people who depend on them.

This is exactly the sort of organisation the HIBP government service was built to support: national cybersecurity teams using breach data to identify leaked credentials and compromised databases associated with their government domains.

BtCIRT now joins the growing list of national CIRTs and government cybersecurity teams using HIBP to better understand their exposure, respond quickly when new breaches appear, and reduce the risk posed by compromised credentials before attackers can take advantage.

Well, that didn't last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I'd first heard rumour of payment being made, and I posited that groups like this often go quiet after they feel the heat, only to emerge shortly after, the drug that is hacking being too strong to ignore. Anyway, here we now are:

🚨🇺🇸 ShinyHunters Claims 3 New Victims

🇺🇸 https://t.co/v8Wf457Gbp: U.S.-based dental benefits administrator and oral health company.

🇺🇸 Charter Communications, Inc.: U.S. telecommunications and cable company best known for Spectrum internet, TV, mobile, and phone services.

🇺🇸… pic.twitter.com/epWcVVGRHa

— Dark Web Informer (@DarkWebInformer) May 22, 2026

DentaQuest has since been removed, but their website is currently returning "Access Denied", which isn't a great look. Obviously, the broken website doesn't look great, but neither do the optics of potentially having paid a ransom. But that does seem to be the way that many of these incidents are going now 🤷‍♂️

It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago, we've had Grafana go with the "no pay" approach, and I've seen a raft of commentary around other companies reaching "agreements", which is a much politer way of saying "we paid extortionists a ransom". I'm concerned about the normalisation of ransom payments, and using language that deflects from the criminal nature of it is a big part of that. Instructure's exact words were that they "reached an agreement with the unauthorised actor involved", which really waters down the severity of the whole thing. It looks like, for the time being, "pay or leak" is the new norm... along with nonsensical statements like "the data was returned to us" 🤷‍♂️

Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating and supporting cybersecurity-related matters across the country, and this access will help them prevent, identify, and mitigate incidents involving compromised credentials and data exposure affecting government entities and critical stakeholders.

This is precisely the sort of use case the HIBP government service was designed for: giving national cybersecurity teams the ability to identify exposure across their own digital ecosystem, respond quickly when government accounts appear in breaches, and reduce the risk posed by reused or compromised credentials before attackers can take advantage.

CIRT-BS joins a growing list of national cybersecurity teams using HIBP to help protect government departments, public resources, critical stakeholders, and the people who keep them running.