One identity breach, taken apart. Roughly monthly.

Vendor-neutral teardowns of identity-related breaches by IdentityLogic Consulting. Every issue maps a real incident to the specific IAM controls that failed, the configuration steps that would have caught it, and what remains unverifiable.

Subscribe

Roughly monthly. Some months we publish a "no breach worth analyzing" note instead.

Free. Four fields. Double opt-in for deliverability. One-click unsubscribe in every email.

By subscribing you agree we may email you about the Postmortem. We never sell, share, or rent your address.

Issues

All teardowns

June 30, 2026

Change Healthcare, February 2024

One Citrix portal without MFA. Nine days of lateral movement. The largest healthcare breach in US history.

Change Healthcare·6 min read

June 30, 2026

Hims and Hers, February 2026

A social engineering call. A compromised Okta SSO account. Millions of support tickets exfiltrated through a third-party trust chain.

Hims and Hers·7 min read

June 30, 2026

Stryker, March 2026

A compromised Global Admin account. Microsoft Intune turned into a weapon. Roughly 200,000 devices wiped across 79 countries.

Stryker·8 min read

Why we do this

Honest cadence over forced cadence.

We publish when there is a breach worth analyzing through an IAM lens, and not when there is not. Each teardown is vendor-neutral, sourced to public disclosures, and closes with an explicit "what remains unknown" section. Authors are IdentityLogic Consulting practitioners; the firm is the byline.

Read the full methodology →