Security Breach Investigation Record
Category: External Exposure & Browser Risk Review
1️⃣ External Credential Exposure Check
Tool Used
Have I Been Pwned
Website: https://haveibeenpwned.com/
Purpose
To determine whether:
Organizational email addresses
Admin accounts
Shared service accounts
Have appeared in known public data breaches.
Action Steps
☐ Search all key organizational email addresses
☐ Document breach occurrences (if any)
☐ Identify affected services
☐ Reset passwords immediately (if exposed)
☐ Enforce MFA if not already enabled
☐ Log findings in security register
2️⃣ Browser Extension Risk Review
Product Reviewed
Gener8 – Gener8 Browser
Risk Assessment Considerations
Browser-based ad platforms may:
Collect browsing behavior data
Inject ads or tracking scripts
Access page content
Request elevated browser permissions
IT Control Recommendations
☐ Prohibit installation on company devices
☐ Remove if found installed
☐ Restrict browser extension installations
☐ Enforce managed browser policies (via Google Admin / Intune)
☐ Document approved extension whitelist
Governance & Compliance Considerations
For a nonprofit handling:
Donor data
Payment information
PCI-related systems
Browser-based adware or tracking tools present:
Data leakage risk
Session hijacking exposure
Compliance complications
Recommended Security Posture
For HCI CA devices:
✔ Only allow approved browsers
✔ Disable extension self-install permissions
✔ Require MFA on all critical platforms
✔ Perform quarterly Have I Been Pwned checks
✔ Maintain incident response documentation
Good to consider:
A Quarterly Cybersecurity Audit Checklist