Klavan Security Breach Advisor

Breach Impact Assessment

Use this tool to assess the impact of a data breach and determine your next steps.

For Individuals

Assess the risk if your personal information has been compromised in a data breach.

For Organizations

Assess your reporting obligations and next steps when your organization experiences a data breach.

For Security Researchers

Find resources and protocols for responsible disclosure when identifying vulnerabilities.

Individual Breach Assessment

Complete this assessment to understand the risk level of your data breach and recommended actions.

Your Information

Your Name

Email Address

Assessment Questionnaire

What types of information were compromised? (Select all that apply)

Contact information (email, phone, address)

Financial information (credit card, bank account)

ID documents (SSN, driver's license, passport)

Account login credentials (username, password)

Health information

Other sensitive personal information

Have you noticed any signs of identity theft or fraud? (Select all that apply)

No signs of misuse yet

Unauthorized charges on accounts

New accounts opened in your name

Tax fraud

Medical identity theft

Account takeover

What actions have you already taken? (Select all that apply)

None yet

Changed passwords

Enabled multi-factor authentication

Placed a credit freeze

Placed a fraud alert

Enrolled in credit/identity monitoring

Your Jurisdiction

Complete the assessment to see your personalized recommendations.

High Priority Actions

Change your passwords for all affected accounts and any accounts where you've used the same password.
Enable multi-factor authentication wherever available.
Place a credit freeze with all major credit bureaus to prevent new accounts from being opened.
Place a fraud alert on your credit reports if you can't place a freeze.
Review financial statements for any unauthorized transactions.

Next Steps

File an identity theft report with the FTC at IdentityTheft.gov if you've experienced fraud.
File a police report for identity theft if required by financial institutions.
Contact the company that experienced the breach to understand what they're doing to protect you.
Consider credit monitoring services or identity theft protection.

Contact your local police to file a report if you've experienced fraud.
Report the fraud to the Canadian Anti-Fraud Centre at antifraudcentre-centreantifraude.ca.
Contact the company that experienced the breach to understand what they're doing to protect you.
Consider credit monitoring services or identity theft protection.

Contact your local police to file a report if you've experienced fraud.
File a complaint with your national data protection authority.
Contact the company that experienced the breach to understand what they're doing to protect you.
Request data deletion under your GDPR rights if appropriate.

Report to Action Fraud at actionfraud.police.uk if you've experienced fraud.
File a complaint with the Information Commissioner's Office (ICO) if the company hasn't properly reported the breach.
Contact the company that experienced the breach to understand what they're doing to protect you.
Request data deletion under your UK GDPR rights if appropriate.

Report to ReportCyber at cyber.gov.au/report if you've experienced fraud.
Contact IDCARE at idcare.org for specialized support.
Contact the company that experienced the breach to understand what they're doing to protect you.
Consider credit monitoring services or identity theft protection.

Contact your local police to file a report if you've experienced fraud.
Report to your national consumer protection agency if you've experienced fraud.
Contact the company that experienced the breach to understand what they're doing to protect you.
Consider identity monitoring services or identity theft protection.

Ongoing Protection

Monitor your accounts regularly for suspicious activity.
Check your credit reports regularly from all major bureaus.
Use unique, strong passwords for each account and consider a password manager.
Be vigilant about phishing attempts that may increase following a breach.

Need Professional Assistance?

Klavan Security offers specialized identity protection services and personalized guidance for victims of data breaches. Our experts can help you navigate the recovery process and strengthen your digital security.

Contact Klavan Security

General Resources

Have I Been Pwned - Check if your email has been involved in known data breaches
FTC Identity Theft Resources - Comprehensive guidance for identity theft victims
Identity Theft Resource Center - Non-profit organization supporting identity theft victims
ENISA Risk Management Resources - European Network and Information Security Agency

US Resources

IdentityTheft.gov - FTC's identity theft reporting and recovery resources
Equifax Credit Freeze
Experian Credit Freeze
TransUnion Credit Freeze
IRS Identity Protection PIN
USA.gov Identity Theft Resources

Canadian Resources

Office of the Privacy Commissioner of Canada
Canadian Anti-Fraud Centre
Equifax Canada
TransUnion Canada
RCMP Fraud and Scam Information

EU Resources

European Commission Data Protection
European Data Protection Board
Data Protection and Online Privacy
Europol Cybercrime Reporting
EU Citizens' Rights Guide

UK Resources

UK Government Identity Theft Resources
Action Fraud - National fraud and cybercrime reporting center
Information Commissioner's Office
CIFAS Protective Registration
Experian UK Identity Theft Support
NCSC Security Tips

Australian Resources

Office of the Australian Information Commissioner
IDCARE - Australia & NZ's identity & cyber support service
Australian Cyber Security Centre
Scamwatch
MoneySmart Identity Fraud Resources

Klavan Security Resources

Klavan Security offers free resources, guides, and tools to help you protect your identity and recover from data breaches. Our team can provide personalized guidance for your specific situation.

Request Free Resources

Security Researcher Tools

Researcher Information

Your Name

Email Address

Your Region

Responsible Disclosure Guidelines

As a security researcher, responsible disclosure is critical to ensure vulnerabilities are addressed without causing unnecessary risk to organizations and their users.

Best Practices for Disclosure

Private Disclosure First - Always report vulnerabilities to the affected organization before public disclosure.
Clear Communication - Provide detailed information about the vulnerability and steps to reproduce it.
Reasonable Timeline - Allow the organization reasonable time to address the issue before public disclosure (typically 60-90 days).
Respect Scope - Follow any published bug bounty or vulnerability disclosure policies.
Minimize Harm - Avoid accessing, modifying, or destroying data beyond what's necessary to demonstrate the vulnerability.

Regional Disclosure Guidance

United States Guidance

US Department of Justice issued framework for vulnerability disclosure that generally supports good-faith security research.
Be aware of the Computer Fraud and Abuse Act (CFAA) and its potential implications.
Many US organizations have formal vulnerability disclosure policies and bug bounty programs.
Critical infrastructure sectors may have specific disclosure requirements.

Canadian Guidance

The Criminal Code sections related to unauthorized use of computers should be considered.
The Canadian Centre for Cyber Security (CCCS) publishes guidance on vulnerability disclosure.
Good-faith security research with responsible disclosure is increasingly recognized and accepted.

European Union Guidance

The EU Cybersecurity Act provides a framework that supports coordinated vulnerability disclosure.
The NIS 2 Directive encourages creation of vulnerability disclosure policies.
National laws vary between member states, so be aware of local regulations.
GDPR considerations should be taken into account when disclosing vulnerabilities involving personal data.

United Kingdom Guidance

The UK Computer Misuse Act (CMA) remains a potential concern for security researchers.
The NCSC has published vulnerability disclosure toolkit to guide organizations.
Several government bodies have established vulnerability disclosure programs.
The UK promotes coordinated vulnerability disclosure through various initiatives.

Australian Guidance

The Australian Cyber Security Centre (ACSC) provides responsible disclosure guidance.
The Security Legislation Amendment (Critical Infrastructure) Act 2021 impacts vulnerability disclosure in critical sectors.
Many Australian organizations have formal vulnerability disclosure programs.

International Guidance

ISO/IEC standards 29147 and 30111 provide frameworks for vulnerability disclosure and handling.
FIRST's Guidelines and Practices for Multi-Party Vulnerability Coordination offer international best practices.
Be aware of local computer crime laws in your country and the country where the organization is based.
International organizations like CERT/CC can sometimes assist with coordinated disclosure.

When to Contact Law Enforcement

The vulnerability potentially affects critical infrastructure
You've discovered evidence of a significant data breach already in progress
You've found evidence of malicious activity or criminal exploitation
The affected organization has been non-responsive after multiple attempts to report

Need Vulnerability Disclosure Support?

Klavan Security's SHELLHOUNDS Team can help with responsible vulnerability disclosure by:

Validating vulnerabilities before disclosure
Acting as a neutral third-party coordinator
Providing legal guidance on disclosure processes
Helping navigate complex multi-party disclosures

Contact Our Research Team

Resources for Security Researchers

General Resources

disclose.io - Open-source vulnerability disclosure framework
OWASP Vulnerability Disclosure Cheat Sheet
ISO/IEC 29147 - Vulnerability disclosure standard
CVE Request Process
Security Research Techniques - Resources for ethical security research

US Resources

CISA Coordinated Vulnerability Disclosure
US DOJ Framework for Vulnerability Disclosure
FTC Guidance on Bug Bounty Programs
NTIA Vulnerability Disclosure Guidance
US-CERT Vulnerability Disclosure Policies

Canadian Resources

CCCS Vulnerability Disclosure Guidance
Canadian Centre for Cyber Security
Office of the Privacy Commissioner - Security Technologies
Get Cyber Safe Resources

EU Resources

ENISA Coordinated Vulnerability Disclosure Policies
European Cybersecurity Forum
EU Responsible Disclosure Guidelines
Software Vulnerability Disclosure in Europe
EU Cybersecurity Policy Resources

UK Resources

NCSC Vulnerability Disclosure Toolkit
UK Government Vulnerability Reporting
NCSC Vulnerability Reporting Service
CREST UK - Ethical Security Testers
TechUK Coordinated Vulnerability Disclosure

Australian Resources

ACSC Responsible Disclosure
Australian Signals Directorate Publications
OAIC Data Breach Guidance
AusCERT Resources
Cyber Aware Resources

Bug Bounty Platforms

HackerOne
Bugcrowd
Intigriti
Synack
YesWeHack

Vulnerability Databases & Disclosure Frameworks

National Vulnerability Database (NVD)
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
ISO/IEC 29147 - Vulnerability Disclosure

Join Klavan Security's Researcher Network

Klavan Security partners with skilled security researchers to improve cybersecurity for our clients. Our researchers benefit from:

Exclusive access to private research programs
Legal protection frameworks for ethical research
Training and mentorship opportunities
Collaborative disclosure coordination

Apply to Join Our Network

Organization Breach Assessment

Complete this assessment to understand your reporting obligations and recommended actions.

Contact Information

Your Name

Email Address

Organization Name

Breach Details

Type of breach: (Select all that apply)

Loss or theft of device/media

Unauthorized access

Ransomware/malware

Insider threat/employee misuse

Phishing attack

Accidental disclosure/misconfiguration

Data types involved: (Select all that apply)

Contact information

Payment information

Government IDs (SSN, passport, etc.)

Health information

Biometric data

Information about minors

Was the data encrypted or protected?

No, data was in plaintext

Yes, but with outdated/weak encryption

Yes, with strong encryption

Unknown

Is the breach ongoing?

Yes, breach is ongoing

No, breach has been contained

Unknown

Estimated number of affected individuals:

Primary Jurisdiction

Complete the assessment to see your reporting requirements.

Reporting Timelines

US Reporting Timelines

State laws: Vary by state, typically 30-60 days for notification to affected individuals
HIPAA: 60 days from discovery for notifications, report to HHS within 60 days for breaches affecting 500+ individuals
GLBA: As soon as possible for notifications to customers
SEC: Material breaches must be disclosed in SEC filings

Canadian Reporting Timelines

PIPEDA: Report to Privacy Commissioner and notify individuals "as soon as feasible"
Organizations must maintain breach records for 24 months
Provincial laws: Alberta requires notification "without unreasonable delay"

EU Reporting Timelines

GDPR: Report to supervisory authority within 72 hours of becoming aware of the breach
GDPR: Notify affected individuals without undue delay when breach is likely to result in high risk to rights and freedoms
NIS2 Directive: Significant incidents must be reported within 24 hours of awareness

UK Reporting Timelines

UK GDPR: Report to ICO within 72 hours of becoming aware of the breach
UK GDPR: Notify affected individuals without undue delay when breach is likely to result in high risk to rights and freedoms
NIS Regulations: Relevant digital service providers must notify within 72 hours

Australian Reporting Timelines

Privacy Act: Report to OAIC within 30 days of becoming aware of eligible data breach
Privacy Act: Notify affected individuals as soon as practicable after statement to OAIC
Critical Infrastructure: Report within 12 hours for critical cyber security incidents, 72 hours for other relevant incidents

Templates & Documentation

Download these templates to help with your breach reporting:

Data Breach Notification Template
Breach Log Template

Need Expert Assistance?

Klavan Security's breach response experts can help your organization with:

Incident response planning and execution
Regulatory compliance and notification requirements
Forensic analysis and breach containment
Post-breach security enhancement

Request Breach Response Services

General Resources

NIST Privacy Framework - Comprehensive privacy risk management approach
NIST Cybersecurity Framework - Industry standard for security controls
ENISA Risk Management Resources - European Network and Information Security Agency
ISO/IEC 27001 - International standard for information security
PCI DSS Breach Response - For payment card data breaches

US Resources

FTC Data Breach Response Guide
HHS HIPAA Breach Notification Rule
DHS Data Breach Response Checklist
FBI Internet Crime Complaint Center (IC3)
SEC Data Breach Disclosure Guidance
CISA Incident Response Playbook

Canadian Resources

Office of the Privacy Commissioner - Breach Response
What you need to know about mandatory reporting of breaches
Canadian Centre for Cyber Security
Privacy Breach Toolkit
IPC Ontario's 7 Steps to Addressing Privacy Breaches

EU Resources

EDPB Guidelines on Personal Data Breach Notification
Article 29 Working Party Guidelines
ENISA Data Breach Resources
EU Cybersecurity Strategy
CNIL Breach Notification Guidelines (France)
BfDI Breach Notification Guidelines (Germany)

UK Resources

ICO Guide to Personal Data Breaches
ICO Breach Reporting Portal
NCSC Data Breach Guidance
NCSC Incident Management Collection
NCSC Incident Response Planning

Australian Resources

OAIC Notifiable Data Breaches scheme
OAIC Data Breach Preparation and Response Guide
Australian Cyber Security Centre
ACSC Incident Response Plan
ACSC Data Breach Response Guide

Klavan Security Enterprise Solutions

Klavan Security offers comprehensive breach prevention, detection, and response services for organizations of all sizes. Our team can help you implement robust security controls and prepare for potential incidents.

Request Enterprise Consultation

Zero Liability Disclaimer

By using this tool, you acknowledge and agree that the software is provided by Klavan “as is”, without warranty of any kind, either express or implied. This includes, but is not limited to, any warranties of merchantability, fitness for a particular purpose, or non-infringement.

In no event shall the authors, copyright holders, or Klavan (as the provider of this tool) be liable for any claim, damages, or other liability — whether in an action of contract, tort, or otherwise — arising from, out of, or in connection with the software or the use or other dealings in the software.

Use of this tool is entirely at your own risk. You are solely responsible for any actions taken based on the information it provides.