Fully developed reports with strong evidence are highly desired and will receive the most attention. We are specifically interested in the following weaknesses:

• Poor identity and access management controls

  • Lack of multi-factor authentication for sensitive systems

  • Weak or unchangeable default admin credentials

• Sensitive data exposure in the wild

  • Passwords or api credentials

  • Personal Identifiable Information of 1,000 individuals or more

  • Protected Health Information for 500 individuals or more

• Public law enforcement or government reports (FOIA accessible)

  • Has sensitive information been mistakenly leaked in a local, state or federal government report?

• Fraudulent filings

  • Has a company stated they have cybersecurity or privacy protections when they do not?

  • Has a company had an incident they were required to fix but not fixed it?

  • Has a company been required to disclose a breach to a vendor, business partner or regulator but not done so?

Contacting Us

Contact us via email at info@breachsiren.com OR Signal at +1 614-259-8172.

DO NOT send us documents or evidence that are classified or illegally obtained. These will be deleted immediately.