[How to] Make a Disclosure to Breaches.uk

Got information on a data breach to report?

We allow anonymous submissions to be made to Breaches.uk by security researchers.

Use this page as a guide, whether you intend to remain anonymous or would like full public disclosure of your work. 

Before you start

We do not accept data that meets the following description:

  • Data belonging to the Government or Military of any country. 

Our role is to work towards building a more secure society, supporting the individuals who have had their rights breached and the security researchers who bring this to light. 

Bare Essentials

You need to do the following in order for us to process your submission. 

Putting it all together

Files and folders you should include in your submission are as follows:

A single ZIP or 7Z file containing the following:

  1. README.txt (as much information about the data as possible)
  2. data/* (contains all the data you are submitting)

The README.txt should contain as much information about the data as possible, you can see a suggested format below. 

Additional optional files include screenshots to help articulate what the data is // what it corresponds to. If you can do this it really helps us out. 

Upload the file to one of our accepted cloud providers:

If these are not an option for whatever reason, feel free to reach out to us at the address below explaining why, we can discuss alternatives.

README Guidance 

In order for your submission to be processed as quickly as possible, ensure that your README.txt resembles the following format (replacing the example information):

Example README

# Data type

Usernames and passwords.

# Data format

TXT

# Company Impacted

Johnsons Commercial 

# Date of discovery

12/10/2019

# Size

~3GB

# People Impacted

500,000

# Comments

lk

Overall a README should contain the following:

  • A brief description of what the type of data is. 
  • A date of discovery. 
  • An approximation of the size of the data 
  • An approximation of the number of people impacted. 
  • Any other comments about the seriousness or origin of the data. 

Sending it to us

Send your submission to: community@breaches.uk

If you wish to encrypt the content, we’ve included our public key below. 

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF8q+48BDADFSqB42syxvSIvxes9bvF2Nmbu4F3McPXVqyCoe6FqpXjcHK52

FbGHn0vJx9GFC7L/U/YtKCE0g7hHIK1fWbP9cdAbhveNFnFD2TIkRYTpe1olHyDp

idOpxGhMPBlyQtkrl75eYSlr0UujzUpYXIZ82x5Yz09I7ApKkg57GHbXCPLMo/Ai

Ti88GFWm4sR/AHjWm3GWAeMx5bOM8ft2fWPGKtiRXtDjTtnjZQck+LaAWnfZndjd

8Tq+gQhBZXhqiUhuSj38nD7EvVYb9b8LiJnHYNGU2TRmsmwa+LsROqXKCRw0jjke

BaPHb5TmmenAD9wJkJc7YR9vO6rqUp79DdIAwxEH7+oHXkfThncgkoOViMfRYJn2

zN3sOmeu8cMFK7zFw2fmU06cAGPXXl+rbnaVY7fWZeqsIMKlMDBFggY2SPqqCs46

5c1HaosIA2Xw/WKQmqHnqU3A806Xc0cDoptQQJk0o75oRMb093I77eQ5WT4ob2q0

rv+alaaxGZeZmY8AEQEAAbQjQnJlYWNoZXMgVUsgPGNvbW11bml0eUBicmVhY2hl

cy51az6JAdQEEwEKAD4WIQSursgOKaBzzdVJSo2nrszpYVgm3AUCXyr7jwIbAwUJ

A8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCnrszpYVgm3B4MC/4hPzqf

Vu0arfQhgcvZH6Q0pFxwmtqxQTJ3L4qTVGBkFozd7c1wogfM1UlK2Kv1PLbNWN+j

NARvJARXFWdy/BGcZvDQ7YBG40cjVTYZJX7LN7qv7q5G8FcyChhUt/CrYUJdxiO6

Fb4XG3d0WiJXjfP+8/GePJReasiMmvX3dpNfYBYm21rv9nWXLAF2irIx3JihrWbX

YCy5LaI7eqGqHWakB0c+Ohl9E3GM/WrkmdW88cSJH8nU+uYo90ye/FfWsMZULhSW

Yb9jErR9UZ9ODwOtXg5EHHd5Q/atsrEjbVUvCUFKqVIZwSNUA7ruydcYeKbN6Adf

Zay1+obH6qlGghKU/SWmxAfudv/CNeradV4sOlRq9k2g6pISa+XV9Y8E1BPb6fxG

O8Mrptq0LmewHrYQvQXTQJJIbCWveuq+d/27x/YIu6daWhLVCO+KmiB/QHyrcsBE

i5itarwmMHNmIbh6ZNoIbcXtiQnoQ4NpySurEScHNcTZWJer2wLUjtxr5c65AY0E

Xyr7jwEMAKWUw4DmWUlu4Vm9IDI1HFSihyqx17C4yGnUwNAU/BNvoGoiFuGdU9JE

iEP1lBHOBoVKlnOVSju8sg2LzTEku8YAsiTmlJPdrdl+62QGUqJCvlSWOco1I1Rh

AREsF3i9X62uiQKpks4+83XMBrZzAXDlnLgCXwgyxE+DUcaTZopxvQEk/Gfx2pqG

PVu55fepyg7kjhpwBFLmU76iGniRhi6LTjS7nVNgpTy6dtWMNJTrWgZmdfxiB5cj

3psEuAdyMTyJI90xzA20pRkq/OVHR/9jWbzeewfgi0lwBwUNqbXdhOwpBXSRFWId

DJ43us8JL2jQ7efePED1zASMimTF07fwD/mv0Y3SPyVAegBNq/1yHgg9pO6L6bJn

pGGMf0Xg/dpO1gr4gWJvqkP8m4M/KiR2vEE7LtDW89w1w0jbjBMGBv50gBhhMNTl

1Mfe/xpVDuUDl29M31e1SCBWZmzcoKUOQ5otM81WPx4x+KXQAcrz9UzTYxUPeKDC

1WkRvCvezQARAQABiQG8BBgBCgAmFiEErq7IDimgc83VSUqNp67M6WFYJtwFAl8q

+48CGwwFCQPCZwAACgkQp67M6WFYJtzAPAv/dKyIn8IXSsj0NV8QANm/ScHC7oTq

sF8Pv1Wl5pW+CgadPT8LAG7o9qy08uOhqELB3lLufZMXzOKp2E5W32Y3tGRsiyy0

s1Xz+5ny3T7wfDIZFpw/n6QqziEyXiF+1JtpSbYNGjaN+uI3wlEbTqve8kHV7SwV

ohZl1D9xr21cckrHLiDMRy6IHuJi4kIftqsGPUspC/Xtk9Q5cu8ZgEEv5MdOABu6

9sdUtRYXxpkSntUHEJ7xSrbzh7pOFWnKDAIb5dGpw4ddwR/lrZsk0LCwTo7oUKfO

y9sPY6EOwrfldUc69nb9qKJMiyrJ06JV6SVwf/qEQgCIaJb6YIfRKYQqk60HcDUu

CkpI0LBrA2s21HZwkXfxq3i++mTDmy6RCBIozrF7HT1tALJZK3OmRwuDGlg71zKd

bsoQQZ9UV5wYAJeFdYgVCLAjmHcfkt/LJTFUwSODDaPGgzZQ5LXbTPGFngwVYvM2

RAGU0Q+EnRdUo7j58fU3lFhJ2tFaepTYlywT

=vYhK

-----END PGP PUBLIC KEY BLOCK-----

After Submitting 

Relax.

You keep 100% of any credit given without becoming involved in risky, frustrating and time consuming communications with the organization in question. You may remain fully anonymous for as long as you like (days, years or forever).

Our default position is not to publish any information about the researcher making the submission, unless it is explicitly asked for and confirmed. Researchers may disclose through an alias and later decide they want to edit this credit to include their real name - or visa versa. No pressure or onerous on pushing any particular form of disclosure is placed. 

If you do not wish to make further communications with us, providing you have followed the “Bare Essentials” steps above - you can forget about this and return to your life. We’ll send you updates on how your disclosure is getting along, which you may unsubscribe from.

research@turgensec.com