What to Do After a Data Breach: Your Step-by-Step Action Plan

You get an email from a company you use: "We recently discovered a security incident that may have affected your personal information." Your stomach drops. Your name, email, phone number, maybe even your Social Security number — now in the hands of strangers.

Data breaches are no longer rare events. In 2024 alone, over 1 billion personal records were exposed globally. AT&T, Ticketmaster, Change Healthcare, Dell — the list grows every month. The question is not whether your data will be breached, but when.

Here is exactly what to do the moment you find out.

Step 1: Confirm the Breach Is Real

Before you panic, verify:

• Check the source — Did the notification come directly from the company's official email, or from a random address? Scammers use fake breach notifications to phish for more data.
• Visit the company's website — Look for an official announcement on their blog or security page.
• Check HaveIBeenPwned.com — Enter your email address to see which breaches include your data. This free service by security researcher Troy Hunt is the most reliable breach database.

Step 2: Change Your Passwords Immediately

Start with the breached service, then move to any other account where you used the same password.

Priority order:

1. The breached account itself
2. Your primary email account (this is the master key to all your other accounts)
3. Banking and financial accounts
4. Any account using the same or similar password

Password rules:

• Use a unique password for every account — no exceptions
• Minimum 16 characters with mixed case, numbers, and symbols
• Use a password manager (1Password, Bitwarden, or Apple Keychain)
• Never reuse a password that was in a breach

Step 3: Enable Two-Factor Authentication (2FA)

If you do not have 2FA enabled on your important accounts, do it now. A stolen password is useless if the attacker also needs a code from your phone.

2FA Method	Security Level	Best For
Hardware key (YubiKey)	Highest	Critical accounts (email, banking)
Authenticator app (Google Authenticator, Authy)	High	Most accounts
SMS codes	Medium	Better than nothing, but vulnerable to SIM swapping
Email codes	Low	Only if no other option available

Step 4: Freeze Your Credit

If Social Security numbers, government IDs, or financial information were exposed, freeze your credit immediately. A credit freeze prevents anyone from opening new accounts in your name.

In the United States:

• Equifax: equifax.com/personal/credit-report-services (or call 800-685-1111)
• Experian: experian.com/freeze (or call 888-397-3742)
• TransUnion: transunion.com/credit-freeze (or call 888-909-8872)

Freezing is free and does not affect your credit score. You can temporarily lift the freeze when you need to apply for credit.

Step 5: Monitor Your Financial Accounts

Set up alerts for every financial account you have:

• Bank accounts — Enable notifications for all transactions over $0
• Credit cards — Set up instant transaction alerts
• Credit monitoring — Use a free service like Credit Karma or the monitoring offered by the breached company
• Annual credit report — Check annualcreditreport.com for free reports from all three bureaus

Watch for these signs of fraud:

• Transactions you do not recognize
• New accounts you did not open
• Credit inquiries you did not authorize
• Mail or packages you did not order

Step 6: Secure Your Email

Your email account is the key to everything. If an attacker controls your email, they can reset passwords on all your other accounts.

• Change your email password to something unique and strong
• Enable 2FA with an authenticator app (not SMS)
• Review connected apps and remove any you do not recognize
• Check your email forwarding rules — attackers sometimes set up forwarding to silently copy your incoming mail
• Review recent login activity and sign out of unfamiliar sessions

Step 7: Watch for Phishing Attacks

After a data breach, attackers use your exposed information to craft convincing phishing emails. You might receive:

• Fake "security alert" emails asking you to "verify your account"
• Messages from "your bank" about suspicious activity
• Emails offering free credit monitoring that link to phishing sites

Golden rule: Never click links in emails about security incidents. Go directly to the company's website by typing the URL yourself.

Step 8: Document Everything

Keep a record of:

• The breach notification (screenshot or save the email)
• All passwords you changed and when
• Any fraudulent transactions or accounts you discover
• Reports you filed with credit bureaus, banks, or law enforcement
• Time spent dealing with the breach (this matters for potential lawsuits)

What Was Exposed Determines Your Risk Level

Data Exposed	Risk Level	Actions Required
Email only	Low	Change password, watch for phishing
Email + password	High	Change all accounts using that password, enable 2FA
Name + address + phone	Medium	Watch for targeted phishing, social engineering
SSN / Government ID	Very High	Freeze credit, file identity theft report, consider identity theft protection
Financial data	Very High	Alert bank, monitor all accounts, freeze credit
Medical records	High	Monitor insurance statements, report to HHS

When to File an Identity Theft Report

File a report with the FTC at IdentityTheft.gov if:

• Someone opened accounts in your name
• You notice unauthorized transactions
• Your tax return was filed by someone else
• You received bills for services you did not use

The FTC report creates a recovery plan specific to your situation and generates official documents you can use with creditors and law enforcement.

Protect Your Sensitive Information Going Forward

A data breach is a wake-up call. Going forward:

• Use unique passwords everywhere (a password manager makes this painless)
• Enable 2FA on every account that supports it
• Minimize the data you share with companies — do they really need your birthday?
• Use masked email addresses for non-essential signups
• Share sensitive information through secure, expiring channels instead of email or chat

When you need to share passwords, account numbers, or other sensitive details with someone, use LOCK.PUB to create a password-protected memo that auto-expires. It is a simple way to keep sensitive information out of permanent chat histories and email threads.

Your Breach Response Checklist

Use this checklist immediately after learning of a breach:

• Verify the breach is real (official source, HaveIBeenPwned)
• Change the password on the breached account
• Change passwords on any accounts sharing the same credentials
• Enable 2FA on all important accounts
• Freeze credit at all three bureaus (if SSN exposed)
• Set up transaction alerts on financial accounts
• Secure your primary email account
• Monitor for phishing attempts
• Check credit reports for unauthorized accounts
• File an FTC identity theft report (if needed)
• Document everything

The first 48 hours after discovering a breach are the most critical. Act fast, stay methodical, and protect yourself with the tools available — starting with LOCK.PUB for any sensitive information you need to share securely.

Create a Secure Memo →