Security researcher Troy Hunt recently discovered a collection of nearly 3,000 possible data breaches accompanied by data from previously confirmed breaches on a hacking forum located on the clear web. He states that almost all of the obtained files contain email addresses – 80,115,532 in total – and plaintext passwords. Hunt is still analyzing the data and has yet to determine where the possible breaches occurred, as there does not appear to be a direct correlation between the accounts and the associated source file at this time. Hunt owns and operates the website HaveIBeenPwned.com where users can check to see if their email addresses have been included in any previous data breaches. The NJCCIC recommends all users assume that their email addresses and passwords have been, or will be, involved in a data breach, and enable multi-factor authentication (MFA) on every account that offers it to protect themselves against credential compromise. For accounts that do not offer MFA, we recommend creating lengthy, complex passwords for those accounts and monitor them regularly for unauthorized activity. We strongly advise against password reuse.