Data Breaches Are Inevitable
In today's digital landscape, data breaches are not a question of "if" but "when." Major companies — from social media giants to healthcare providers — suffer breaches regularly, exposing millions of users' personal information. In recent years, breaches have affected virtually every sector, including financial institutions, government agencies, retailers, and educational platforms.
What determines the impact on you personally is how quickly and effectively you respond. Having a clear action plan before a breach occurs means you can act decisively instead of scrambling in panic.
Understanding What Was Exposed
Not all breaches are equal. The severity of your response should match what was compromised:
- Email and password only — Change the password immediately, and change it on every other site where you reused the same password
- Financial data (credit card numbers) — Monitor statements closely and consider requesting new card numbers
- Social Security or government ID numbers — This requires the most aggressive response, including credit freezes and identity monitoring
- Medical records — Contact your healthcare provider and insurance company to flag potential misuse
- Phone number and address — Be alert for phishing attempts and SIM-swapping attacks
Step 1: Confirm the Breach
Before panicking, verify the breach is real:
- Check the company's official website for breach notifications — most companies post announcements and create dedicated response pages
- Visit HaveIBeenPwned.com — Enter your email to see which breaches include your data and exactly what information was exposed
- Watch for official emails — Legitimate breach notifications come from the company's official domain, not random addresses
- Be cautious of phishing — Scammers often send fake breach notifications designed to steal more data. Never click links in breach notification emails; instead, go directly to the company's website
Step 2: Change Your Passwords Immediately
Start with the breached account, then any accounts sharing the same password:
- Use our Password Generator to create strong, unique passwords for each account
- Change passwords for your email accounts first — they control password resets everywhere else, making them the highest-value target
- Never reuse a compromised password on any account, ever
- If you have been reusing passwords across sites, this is the time to adopt a password manager and generate unique credentials for everything
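The triage in Step 2 (the breached account first, then every account sharing its password, with email providers at the top of the list) is easy to automate against a password-manager export. The script below is an added example, not part of this guide: it assumes a plain `site,username,password` CSV export (the sample rows are constructed, not real credentials) and uses a simple hostname-prefix heuristic to recognise mail providers.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample password-manager export (site,username,password); not real credentials.
SAMPLE_EXPORT = """site,username,password
mail.example.com,alice,Winter2023!
shop.example.net,alice,Winter2023!
bank.example.org,alice,correct-horse-battery
forum.example.com,alice_w,Winter2023!
cloud.example.io,alice,correct-horse-battery
"""

# Assumed heuristic: hostnames that look like mail providers are rotated first,
# because the mailbox receives everyone else's password-reset links.
EMAIL_HINTS = ("mail.", "imap.", "webmail.")

def load_export(export_text):
    """Parse the CSV export into a list of {site, username, password} rows."""
    return list(csv.DictReader(io.StringIO(export_text)))

def find_reused_passwords(export_text):
    """Map each password that appears on more than one site to the sites sharing it."""
    by_password = defaultdict(list)
    for row in load_export(export_text):
        by_password[row["password"]].append(row["site"])
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}

def accounts_to_rotate(export_text, breached_site):
    """Sites needing a new password once `breached_site` leaks: the breached
    account plus every site sharing its password, mail providers listed first."""
    rows = load_export(export_text)
    leaked = {r["password"] for r in rows if r["site"] == breached_site}
    sites = {r["site"] for r in rows if r["password"] in leaked}
    return sorted(sites, key=lambda s: (not s.startswith(EMAIL_HINTS), s))

def generate_password(length=20):
    """Replacement password drawn from the OS CSPRNG (secrets, never random)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    # Example run: the shop was breached; the shared password exposes mail and forum too.
    for site in accounts_to_rotate(SAMPLE_EXPORT, "shop.example.net"):
        print(f"rotate {site}: new password {generate_password()}")
```

Real password managers export in slightly different column layouts, so adjust the column names before running this against your own export.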
Step 3: Enable Two-Factor Authentication
If you have not already, enable 2FA on every account that supports it, starting with:
- Email accounts (the master key to all other accounts)
- Banking and financial services
- Social media platforms
- Cloud storage services
- Any account connected to the breached service
Use an authenticator app (like Google Authenticator, Authy, or Microsoft Authenticator) rather than SMS when possible, as SIM-swapping attacks can intercept text message codes.
Step 4: Monitor Your Financial Accounts
- Check bank statements for unauthorized transactions — even small ones, as criminals often test with minor charges before making larger withdrawals
- Review credit card activity daily for the first few weeks after the breach
- Set up transaction alerts so you are notified of any purchases in real time — most banks and credit card companies offer text or push notification alerts
- Consider a credit freeze if sensitive financial data was exposed — this prevents new accounts from being opened in your name and is free to place and lift at all three credit bureaus
Step 5: Watch for Identity Theft
After a breach, criminals may attempt to use your stolen data for identity theft — sometimes months or even years after the original breach:
- Monitor your credit reports — You are entitled to free weekly reports from all three bureaus at AnnualCreditReport.com
- Watch for unexpected mail — Unfamiliar bills, credit cards, or collection notices are red flags that someone has opened accounts in your name
- Tax fraud — File your taxes early each year to prevent criminals from filing fraudulent returns using your Social Security number
- Medical identity theft — Review medical bills and insurance statements for services you did not receive, as your health records could be corrupted with someone else's information
Step 6: Document Everything
Keep detailed records of:
- The breach notification and the date you received it
- All accounts potentially affected and actions taken on each
- Steps you have taken to secure your accounts, including dates and confirmation numbers
- Any unauthorized activity you discover
- Names and reference numbers from phone calls with companies, banks, and credit bureaus
This documentation is essential if you need to dispute fraudulent charges, file an identity theft report, or pursue legal remedies. Many breach settlements offer compensation to affected users, and thorough records strengthen your claim.
Step 7: Evaluate Legal Protections
Depending on the breach, you may have legal options:
- Class action lawsuits — Many large breaches result in settlements that provide affected users with free credit monitoring or cash payments
- State attorney general complaints — File a complaint if the company was negligent in protecting your data
- Credit monitoring offers — Accept free credit monitoring offered by the breached company, but do not let it replace your own vigilance
Preventing Future Damage
Build resilience before the next breach happens:
- Use a password manager with unique passwords for every account — this limits each breach to a single account
- Enable breach monitoring in your password manager or through HaveIBeenPwned's notification service
- Minimize the data you share — The less data companies have, the less can be stolen. Question whether every form field truly requires accurate information
- Regularly review account activity across all important accounts
- Remove metadata from files before uploading them to services, reducing the personal information at risk
- Use email aliases for different services so you can immediately identify which company was breached when spam starts arriving
The first 48 hours after discovering a breach are critical. Act quickly, stay methodical, and you can significantly limit the damage. Bookmark this guide so you have it ready when — not if — the next breach notification arrives.
Raimundo Coelho
Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.