Some states in the U.S. have data breach notification laws, but the requirements vary. In many cases, it may be up to companies whether they want to acknowledge a data breach depending on the severity and how one may affect their customers.
Analysts with Holden's company specialize in gaining access to "deep web" or dark forums, used by cybercriminals to trade data and techniques anonymously. Hold Security offers a subscription service called "Deep Web Monitoring" where companies can be notified if their data is found.
The secret forums are password protected and are often invitation only, so security researchers often pretend they're one of the bad guys to get in.
Once inside, chatter from forum members can reveal what is hot, such as new vulnerabilities that can be used to breach networks. The forums try to filter out interlopers, but since no one uses real names, it can be hard to tell who is a fly on the wall gaining intelligence.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk.