Have I Been Pwned Founder Troy Hunt talks Breaches, Ransomware & Online Safety

Listen to this episode from Digital Disruption with Geoff Nielson on Spotify. How are AI and automation shaping both the attack and defense sides of cybersecurity?On this episode of Digital Disruption, we’re joined by the founder and CEO of Have I Been Pwned, Troy Hunt.Troy Hunt is an Australian security researcher and the founder of the data breach notification service, Have I Been Pwned. With a background in software development specializing in information security, Troy is a regular conference speaker and trainer. He frequently appears in the media, collaborates with government and law enforcement agencies, and has appeared before the U.S. Congress as an expert witness on the impact of data breaches. Troy also serves as a Microsoft Regional Director (an honorary title) and regularly blogs at troyhunt.com from his home on Australia’s Gold Coast.Troy sits down with Geoff to share eye-opening insights on the evolving threat landscape of 2025 and beyond. Despite the rise of AI and automation, Troy emphasizes that many of today’s most damaging data breaches and ransomware attacks still stem from basic human error and social engineering. He explains how ransomware has shifted from encrypting files to threatening data disclosure, making it harder for organizations to manage risk and justify ransom payments. The conversation also touches on how breach fatigue and apathy have led many individuals and businesses to underestimate cybersecurity risks, even as incidents rise globally. He also highlights how AI tools are being weaponized by both defenders and attackers and argues that cybersecurity isn’t about perfect protection but about finding equilibrium: balancing usability, education, and risk mitigation.In this episode: 00:00 Intro01:15 Why human weakness beats AI02:00 Young hackers and the rise of scattered spider04:00 From hacktivists to career criminals05:00 Ransomware’s new tactics07:30 Should companies pay the ransom? 10:20 Can you ever be fully protected? Defense vs. response11:20 How to convince boards cybersecurity is worth the money14:20 Breach fatigue and public apathy18:00 Reframing what ‘sensitive data’ really means20:00 Passwords, reuse, and the real risk equation24:00 Biometrics, face ID & the future of authentication26:30 Threat Modeling 10127:30 Barriers to cyber preparedness29:30 How Have I Been Pwned works 32:00 The Future of Data Breaches38:00 Microsoft’s Role in the Security Ecosystem40:30 AI Hype vs. reality in cybersecurity43:00 When AI helps hackers 52:00 Why transparency still matters after every breach54:00 Accepting risk, building resilienceConnect with Troy:Website: https://www.troyhunt.com/LinkedIn: https://www.linkedin.com/in/troyhunt/X: https://x.com/troyhuntVisit our website: https://www.infotech.com/?utm_source=youtube&utm_medium=social&utm_campaign=podcastFollow us on YouTube: https://www.youtube.com/@InfoTechRG