I am the lead cybersecurity architect for Capco, a financial services consulting company. We advise banks and financial institutions on regulatory compliance. My particular area is cyber security (architecture through penetration testing).
We have an inexpensive service that will check your companies AD users passwords (stored hashes) against the list of passwords we have scraped from the dark web (2.1 Billion passwords).
Ping me if you want to know more.
Wouldn’t that be a breach of confidential information you have with your customers?