diff --git a/apps/settings/api/security.py b/apps/settings/api/security.py
index df10b627b..14c4ed4b1 100644
--- a/apps/settings/api/security.py
+++ b/apps/settings/api/security.py
@@ -4,8 +4,9 @@ from django.conf import settings
 from django.core.cache import cache
 from rest_framework.generics import ListAPIView, CreateAPIView
 from rest_framework.views import Response
-from rest_framework.viewsets import ModelViewSet
+from rest_framework_bulk.generics import BulkModelViewSet
 
+from common.drf.filters import IDSpmFilterBackend
 from users.utils import LoginIpBlockUtil
 from ..models import LeakPasswords
 from ..serializers import SecurityBlockIPSerializer, LeakPasswordPSerializer
@@ -60,7 +61,7 @@ class UnlockIPSecurityAPI(CreateAPIView):
         return Response(status=200)
 
 
-class LeakPasswordViewSet(ModelViewSet):
+class LeakPasswordViewSet(BulkModelViewSet):
     serializer_class = LeakPasswordPSerializer
     model = LeakPasswords
     rbac_perms = {
@@ -71,3 +72,11 @@ class LeakPasswordViewSet(ModelViewSet):
 
     def get_queryset(self):
         return LeakPasswords.objects.using('sqlite').all()
+
+    def allow_bulk_destroy(self, qs, filtered):
+        return True
+
+    def filter_queryset(self, queryset):
+        queryset = super().filter_queryset(queryset)
+        queryset = IDSpmFilterBackend().filter_queryset(self.request, queryset, self)
+        return queryset