What to Do Immediately After a Data Breach

You just received a data breach notification. Whether it came from a company, a news report, or a monitoring service, the next 60 minutes matter. This guide gives you a prioritized, step-by-step action plan to minimize the damage and protect your identity.

Why This Matters

Speed matters after a breach. Research from Javelin Strategy shows that victims who take action within 48 hours of a breach notification experience significantly lower financial losses than those who wait. Stolen credentials are often sold and used within days or even hours of a breach. In 2023 alone, over 3,200 data breaches were reported in the US, exposing over 350 million records. The window between notification and criminal exploitation of your data is shrinking, making a rapid response critical.

Step-by-Step Instructions

  1. Verify the breach notification is legitimate. Do not click links in the email or text. Instead, go directly to the company's website by typing the URL in your browser. Check the company's official communications or news coverage to confirm the breach is real. Scammers frequently send fake breach notifications as phishing attacks.
  2. Determine what data was exposed. Read the breach notice carefully. Was it just email addresses? Passwords? Financial data? Social Security numbers? Your response should be proportional to what was leaked.
  3. Change the password on the breached account immediately. Use your password manager to generate a new, strong, unique password. If you reused this password on any other site, change it everywhere immediately.
  4. Enable 2FA on the breached account if it is not already enabled. Use an authenticator app, not SMS, as your second factor.
  5. If passwords were exposed: Check every account where you used the same or a similar password and change all of them. Attackers use credential stuffing to try breached passwords across hundreds of popular sites automatically.
  6. If financial data was exposed (credit cards, bank accounts): Contact your bank or card issuer immediately to freeze or replace the affected cards. Review your recent transactions for unauthorized charges.
  7. If your SSN was exposed: Freeze your credit at all three bureaus (Equifax, Experian, TransUnion) immediately. Set up an IRS Identity Protection PIN. File a report at identitytheft.gov.
  8. Set up ongoing monitoring: Enroll in any free credit monitoring the breached company offers. Sign up for alerts at Have I Been Pwned. Check your credit reports weekly for the next 6-12 months at annualcreditreport.com.
  9. Document everything: Save the breach notification, screenshots of any unauthorized activity, and records of all steps you took. This documentation is critical if you need to dispute charges or file an identity theft report.
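Steps 3, 5 and 8 come down to two questions: which passwords in your vault are reused, and which already appear in a known breach. The script below is an added example, not part of this guide or of any vendor's code. It walks a constructed sample vault, flags reused passwords, and checks each one the way Have I Been Pwned's Pwned Passwords service does it: only the first five hex characters of the password's SHA-1 hash are sent to the range endpoint (https://api.pwnedpasswords.com/range/), and the match against the returned suffix list happens on your machine, so the password itself never leaves it. The vault entries, the offline stand-in response and its counts are constructed for the demo; only the hash of the string "password" and the endpoint URL are real.

```python
"""Reused-password and breach-exposure triage (added example, offline).

Demonstrates the k-anonymity range lookup used by Pwned Passwords: hash the
password with SHA-1, send the 5-char prefix, compare the remaining 35 chars
locally against the "SUFFIX:COUNT" lines the service returns.
"""
import hashlib
import urllib.request
from collections import defaultdict

# Constructed sample of password-manager entries (site, password). Not real accounts.
VAULT = [
    ("mail.example", "Tr0ub4dor&3"),
    ("shop.example", "Tr0ub4dor&3"),                 # same password reused
    ("bank.example", "correct horse battery staple"),
    ("forum.example", "password"),
]

# Constructed stand-in for the API body. The real service returns hundreds of
# "SUFFIX:COUNT" lines per prefix; the counts below are made up for the demo.
# SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 (real value).
FAKE_RANGE_RESPONSES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
             "1E2D7B3F4CF3A9B5A8E6F2C1D0B9A8C7E6F:2\r\n",
}
NO_MATCH_BODY = "0" * 34 + "A:1\r\n"   # constructed filler for any other prefix


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str):
    """Return (prefix sent to the API, suffix kept local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines (CRLF or LF) into {suffix: count}."""
    table = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def fetch_range_offline(prefix: str) -> str:
    """Offline substitute for the network call; returns the constructed body."""
    return FAKE_RANGE_RESPONSES.get(prefix, NO_MATCH_BODY)


def fetch_range_live(prefix: str) -> str:
    """Real lookup against api.pwnedpasswords.com; not used by the offline demo."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "breach-triage-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range=fetch_range_offline) -> int:
    """How many times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def find_reused(vault) -> dict:
    """Map each password used on more than one site to the list of those sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault:
        sites_by_password[password].append(site)
    return {pw: sites for pw, sites in sites_by_password.items() if len(sites) > 1}


def triage(vault, fetch_range=fetch_range_offline) -> list:
    """One row per vault entry: reuse, breach count, and the action to take."""
    reused = find_reused(vault)
    report = []
    for site, password in vault:
        count = pwned_count(password, fetch_range)
        shared = reused.get(password, [])
        report.append({
            "site": site,
            "reused_on": [s for s in shared if s != site],
            "pwned_count": count,
            "action": "change now" if (count or shared) else "ok",
        })
    return report


if __name__ == "__main__":
    for row in triage(VAULT):
        print(row)
```

Swapping `fetch_range_offline` for `fetch_range_live` in the `triage()` call runs the same logic against the real service; the `Add-Padding` header asks it to pad responses to a uniform size so the number of returned lines does not leak which prefix was queried. Any entry reported as "change now" is one to rotate under step 3, and a non-zero `pwned_count` on a password you still use anywhere means step 5 applies to every site sharing it.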

Common Mistakes to Avoid

  • Clicking links in breach notification emails: Always navigate to the company's website directly. Phishing emails disguised as breach notifications are extremely common.
  • Changing only the breached password: If you reused that password anywhere else, every account with that password is now compromised. Change them all.
  • Ignoring the notification because it seems minor: Even a "just email addresses" breach gives attackers a confirmed, active email to target with phishing campaigns.
  • Not taking the free credit monitoring: Companies that offer free monitoring after a breach are doing so because the exposure is serious enough to warrant it. Use it.

Additional Tips

  • Keep a "breach response checklist" saved in your password manager so you can act quickly without having to think through the steps during a stressful moment.
  • If the breached company offers a settlement or payout, file your claim. Class action settlements from breaches like Equifax have paid out to individuals who filed.
  • Use this event as motivation to audit all your accounts: update weak passwords, remove unused accounts, and enable 2FA everywhere.

Last updated: February 10, 2026