About this episode
How are AI and automation shaping both the attack and defense sides of cybersecurity? On this episode of Digital Disruption, we’re joined by the founder and CEO of Have I Been Pwned, Troy Hunt.

Troy Hunt is an Australian security researcher and the founder of the data breach notification service, Have I Been Pwned. With a background in software development specializing in information security, Troy is a regular conference speaker and trainer. He frequently appears in the media, collaborates with government and law enforcement agencies, and has appeared before the U.S. Congress as an expert witness on the impact of data breaches. Troy also serves as a Microsoft Regional Director (an honorary title) and regularly blogs at troyhunt.com from his home on Australia’s Gold Coast.

Troy sits down with Geoff to share eye-opening insights on the evolving threat landscape of 2025 and beyond. Despite the rise of AI and automation, Troy emphasizes that many of today’s most damaging data breaches and ransomware attacks still stem from basic human error and social engineering. He explains how ransomware has shifted from encrypting files to threatening data disclosure, making it harder for organizations to manage risk and justify ransom payments. The conversation also touches on how breach fatigue and apathy have led many individuals and businesses to underestimate cybersecurity risks, even as incidents rise globally. He also highlights how AI tools are being weaponized by both defenders and attackers and argues that cybersecurity isn’t about perfect protection but about finding equilibrium: balancing usability, education, and risk mitigation.

In this episode:
00:00 Intro
01:15 Why human weakness beats AI
02:00 Young hackers and the rise of Scattered Spider
04:00 From hacktivists to career criminals
05:00 Ransomware’s new tactics
07:30 Should companies pay the ransom?
10:20 Can you ever be fully protected? Defense vs. response
11:20 How to convince boards cybersecurity is worth the money
14:20 Breach fatigue and public apathy
18:00 Reframing what ‘sensitive data’ really means
20:00 Passwords, reuse, and the real risk equation
24:00 Biometrics, face ID & the future of authentication
26:30 Threat Modeling 101
27:30 Barriers to cyber preparedness
29:30 How Have I Been Pwned works
32:00 The Future of Data Breaches
38:00 Microsoft’s Role in the Security Ecosystem
40:30 AI Hype vs. reality in cybersecurity
43:00 When AI helps hackers
52:00 Why transparency still matters after every breach
54:00 Accepting risk, building resilience

Connect with Troy:
Website: https://www.troyhunt.com/
LinkedIn: https://www.linkedin.com/in/troyhunt/
X: https://x.com/troyhunt

Visit our website: https://www.infotech.com/?utm_source=youtube&utm_medium=social&utm_campaign=podcast
Follow us on YouTube: https://www.youtube.com/@InfoTechRG