Stay ahead of breach news without manual checks. The flow watches a trusted breach feed and lets your team know when a new breach appears. It suits IT and security teams that want fast awareness with low effort.

A schedule trigger runs every 15 minutes and calls the latest breach endpoint. The workflow reads a small cache file, extracts the last stored breach name, and compares it with the current result. If they differ, it flags a new breach, writes the new name to the cache, and moves down the alert path. If they match, it follows the no alert path. A manual trigger path helps you initialize or reset the cache when needed.

You will need an API key for the breach service and a simple header based connection in n8n. Expect to replace daily manual checks with an automated watch and cut the risk of missed updates. Add your own notifier after the new breach step to send messages by email or chat. Results are quick to set up and simple to maintain.

• Scheduled checks every 15 minutes using a schedule trigger
• HTTP request pulls the latest breach from the external API
• Reads and parses a local JSON cache to remember the last breach
• If logic compares current and cached names to detect changes
• Writes the newest breach name back to the cache for the next run
• Manual trigger path to initialize or reset the cache file
• Separate branches for new breach and no new breach for clear actions
• Easy to extend by adding email or chat nodes after the new breach step

• Reduce manual breach checks from 30 minutes per day to 2 minutes
• Automate 100 percent of breach monitoring
• Improve alert accuracy by removing human oversight
• Run checks every 15 minutes without extra staff time
• Connect a trusted breach source with a simple API key

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Have I Been Pwned. See the Tools Required section above for links to create accounts with these services.
3. In your Have I Been Pwned account, obtain an API key from the official API page and keep it secure.
4. In the n8n credentials manager, create a new credential for the HTTP Request node. Choose a method that allows adding a custom header for the API key, then follow the on screen instructions to integrate that service.
5. Open the Request breaches node and select the new credential. Confirm the request URL matches the latest breach endpoint.
6. In Schedule Trigger, keep the default 15 minutes or set your preferred interval. Save the workflow.
7. Click Test workflow to run the manual path once. This initializes or resets the local cache so the next scheduled run behaves as expected.
8. Run the scheduled path once from the editor. If a new breach is found, you will see the new breach branch taken and the cache updated.
9. Run it again to confirm the old breach branch is now taken when nothing new appears. This proves the cache and compare logic works.
10. Attach your preferred notifier after the new breach step, such as email or chat nodes, and map fields like the breach name into your message.
11. If you see authorization errors, verify the API key and header. If the cache file cannot be written, check the file path and write permissions on your n8n host.