Data Leak Monitoring

Overview

Data Leak Monitoring scans for your employees' credentials in data breaches across the dark web and public breach databases. Identify compromised accounts before attackers exploit them.

Why Data Leak Monitoring?

The Risk

Average person has 100+ online accounts
65% of people reuse passwords
Billions of credentials exposed in breaches
Compromised credentials are sold and traded

Credential Reuse Impact

When an employee's personal account is breached:

Attackers try the same password elsewhere
Corporate accounts often share passwords
Credential stuffing attacks are automated
Accounts compromised within hours

How It Works

Monitoring Process

Domain Configuration
Bastion monitors your email domains.
Breach Scanning
Continuous scanning of breach databases and dark web.
Match Detection
Employee emails matched against breach data.
Alert Generation
Alerts created for exposed credentials.
Remediation
Password reset and employee notification.

Data Sources

Source	Description
Breach Databases	Collections of known breaches
Dark Web	Credential marketplaces
Paste Sites	Data dump websites
Combo Lists	Compiled credential lists

Issue Dashboard

Viewing Issues

Navigate to Employees → Data Leak → Issues

Each issue shows:

Employee email
Breach source
Date discovered
Data exposed (password, hash, personal info)
Status (new, in progress, resolved)

Issue Severity

Severity	Meaning
Critical	Plaintext password exposed
High	Weak hash exposed (likely cracked)
Medium	Strong hash exposed
Low	Email only, no password

Issue Details

Click an issue to see:

Breach Information - Name, date, scope
Exposed Data - What was leaked
Employee History - Past breaches for this employee
Recommended Actions - Remediation steps

Remediation Workflow

Handling Issues

Review
Review issue details and severity.
Notify
Notify the affected employee.
Password Reset
Require password reset on corporate accounts.
Verify
Confirm password was changed.
Close
Mark issue as resolved.

Notification Options

Method	Configuration
Email	Send breach notification email
In-App	Notify within Bastion
Manual	Handle notification yourself

Email Template

Customize the breach notification email:

Subject line
Breach details to include
Required actions
Links to password reset

Integration with Identity

Forced Password Reset

With identity provider integration:

Issue detected
Automatic forced password reset triggered
Employee must reset on next login
Reset verified in Bastion

Supported Integrations

Azure Active Directory
Google Workspace

Historical Data

Breach History

View historical breach data:

Total breaches affecting organization
Trend over time
Most affected employees
Common breach sources

Employee Breach History

Per employee:

All past breaches
Credentials exposed
Remediation status
Risk level

Proactive Measures

Password Policies

Reduce breach impact with:

Unique passwords per account
Password manager usage
MFA enforcement
Regular password rotation

Training Integration

Link to awareness training:

Password security courses
Post-breach training assignment
Credential hygiene education

Reporting

Breach Reports

Generate reports showing:

Summary - Total breaches, affected employees
Trend - Breaches over time
By Department - Department breakdown
Remediation Status - Open vs. resolved

Compliance Evidence

Breach monitoring supports:

Framework	Requirement
SOC 2	CC6.8
ISO 27001	A.12.6.1

Alerts Configuration

Alert Settings

Configure how you're notified:

Setting	Options
Frequency	Real-time, daily digest, weekly
Recipients	Security team, employee managers
Severity Filter	All, high and above, critical only

Escalation

Set up escalation for unresolved issues:

Initial alert to security team
24 hours: reminder to security team
48 hours: escalate to manager
72 hours: escalate to CISO

Best Practices

Act Quickly

Breached credentials are often exploited within hours. Fast remediation is critical.

Monitor Personal Domains

Consider monitoring common personal email domains if they're used for business tools.

Enforce MFA

MFA reduces breach impact significantly. Even with stolen passwords, accounts remain protected.

Educate Employees

Train employees on password hygiene and the risks of credential reuse.

Next Steps

People

Manage employee directory

Training

Assign password security training

Overview​

Why Data Leak Monitoring?​

The Risk​

Credential Reuse Impact​

How It Works​

Monitoring Process​

Domain Configuration

Breach Scanning

Match Detection

Alert Generation

Remediation

Data Sources​

Issue Dashboard​

Viewing Issues​

Issue Severity​

Issue Details​

Remediation Workflow​

Handling Issues​

Review

Notify

Password Reset

Verify

Close

Notification Options​

Email Template​

Integration with Identity​

Forced Password Reset​

Supported Integrations​

Historical Data​

Breach History​

Employee Breach History​

Proactive Measures​

Password Policies​

Training Integration​

Reporting​

Breach Reports​

Compliance Evidence​

Alerts Configuration​

Alert Settings​

Escalation​

Best Practices​

Next Steps​