FREQUENTLY ASKED QUESTIONS

What’s the idea behind this?

  1. If security researchers are able to make disclosures to their own benefit, with minimal risk or fear of legal action:
  • The number of responsible disclosures will greatly increase.
  • The number of datasets sold on darknet sites will decrease.
  • A culture of security collaboration will be fostered, offensive security will be de-stigmatized. 
  1. If individuals are able to claim compensation with minimal effort when their data privacy is violated: 
  • Corporations will be financially incentivised to implement adequate security. 
  • People will become more aware of the importance of data privacy. 

We believe that achieving the points above will have a greater impact on national (and international) cyber security than any other single service or innovation in the near future. 

Who are we?

Breaches.uk is a project by TurgenSec, an R&D focused Cybersecurity company responsible for the continual disclosure of significant UK data breaches.

Our aim is to provide up to date and reliable breach notifications to the UK, with a dual focus of supporting ethical security research and providing actionable information for impacted individuals.

What's in it for us?

When individuals are exploited, blackmailed, scammed, robbed or otherwise damaged as a result of their data being breached, we help them get compensation.

We fund ethical security researchers to choose to make more breach disclosures by supporting them legally, with advice, and acting as a trusted party for publication. We aim to encourage more researchers to speak up about discovered breaches and come to us instead of dark web marketplaces, increase the reach of these disclosures, as well as provide advisory commentary on breaches for spreading best practice.

What can you expect from us?

Full credit for security researchers. Actionable information for those impacted by a breach, links to financial compensation and advice. Commitment to doing the right thing. 

Our Principles

Openness and clarity are at the heart of the work we do, here are the cornerstones of our efforts:

  • We help ensure that any affected organisations get an equal and fair chance to respond and support their users. 
  • We provide our advice to affected organizations to reduce the amount of unnecessary cost incurred by breaches of security and respond in the best possible way.  
  • We document our practices publicly, such that individuals or organizations may further our goals independently of us. 
  • We do not support researchers that knowingly intend to do harm to an organization or the people that work within it. 

Who we need help from?

Help us make this happen!

Security Researchers 

If you’ve found a serious security flaw leading to the leakage of personal data belonging to users but have yet to disclose - the options available are as follows - 

  1. Apply our policies (here) externally of our involvement. Email us here - research@turgensec.com if you’d like us to document and promote your discovery. 
  2. Pass off the disclosure process to us - you keep 100% of any credit given without becoming involved in communications with the organization. You may remain fully anonymous for as long as you like (days, years or forever). 

Legal Manpower

We want to be able to provide comprehensive legal support for all researchers to make disclosures with the minimum possible delay. With this in mind we are happy to welcome all individuals looking who can assist us in this -

People with strong knowledge of the Computer Misuse act in the UK or abroad would be very much appreciated, including those who have learned practically through making disclosures. 


research@turgensec.com