What to Do After a Data Breach: Step-by-Step

A data breach exposed your info. Here is exactly what to do next: passwords, credit freezes, monitoring, and long-term steps.

Another Breach Notification. Now What?

You get the email: a company you have an account with has been breached. Your name, email address, and possibly more have been exposed. It happens so often now that many people just delete the notification and move on. That is a mistake.

In 2025 alone, over 3,200 publicly disclosed data breaches exposed more than 8 billion records. The average American's personal data has appeared in at least five breaches. Each one adds to the pool of information available to criminals, scammers, and data brokers who profit from your exposed data.

This guide covers exactly what to do after a data breach, from the first hour to the months that follow.

Immediate Steps (First 24 Hours)

The window after a breach matters. Criminals act fast, and so should you.

Step 1: Confirm the Breach Is Real

Before doing anything, verify the breach notification is legitimate. Scammers send fake breach alerts to trick people into clicking malicious links.

  • Check the company's official website or social media for announcements
  • Look for coverage in major news outlets
  • Visit HaveIBeenPwned.com and enter your email to see if the breach is listed
  • Do not click links in the notification email. Navigate to the company's site directly

Step 2: Change Your Password Immediately

Change the password on the breached account. If you used that same password on any other account, change those too. This is the single highest-priority action because credential stuffing attacks, where criminals test stolen passwords on hundreds of other services, begin within hours of a breach.

Use a password manager to generate a strong, unique password for every account going forward. A good password is at least 16 characters long and random. No birthday. No pet name. No variation of "Password123."
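One way to find every account that shares the breached account's password, and every password shorter than the 16 characters recommended above, is to audit a CSV export from your password manager. This is an added example, not part of the original guide; the `name,url,username,password` column layout, the account names, and the `audit_export` function are assumptions, and the sample data is constructed.

```python
import csv
import hashlib
import io

# Constructed sample in a generic name,url,username,password layout.
# Real password-manager exports use differing column names (assumption).
SAMPLE_EXPORT = """name,url,username,password
ExampleShop,https://shop.example,ana@example.com,Sunshine2019!
ExampleMail,https://mail.example,ana@example.com,Sunshine2019!
ExampleBank,https://bank.example,ana,kV9#tq2LmZx8@pR4wYb1
ExampleForum,https://forum.example,ana_r,Sunshine2019!
ExampleCloud,https://cloud.example,ana@example.com,short-pass
"""

MIN_LENGTH = 16  # the minimum length this guide recommends


def audit_export(csv_text, breached_name):
    """Return (reused, too_short) account-name lists for a vault export.

    reused: other accounts sharing the breached account's password.
    too_short: accounts whose password is under MIN_LENGTH characters.
    """
    by_digest = {}   # password digest -> account names using it
    too_short = []
    breached_digest = None
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Key the grouping on a digest so plaintext passwords are not
        # retained in the index or in anything that gets printed.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(row["name"])
        if row["name"] == breached_name:
            breached_digest = digest
        if len(row["password"]) < MIN_LENGTH:
            too_short.append(row["name"])
    if breached_digest is None:
        raise ValueError(f"no entry named {breached_name!r} in export")
    reused = [n for n in by_digest[breached_digest] if n != breached_name]
    return reused, too_short


if __name__ == "__main__":
    reused, too_short = audit_export(SAMPLE_EXPORT, "ExampleShop")
    print("Change now (same password as breached account):", reused)
    print("Replace with 16+ random characters:", too_short)
```

An export file holds every password in plaintext, so delete it securely as soon as the audit is done.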

Step 3: Enable Two-Factor Authentication

If the breached account supports two-factor authentication (2FA) and you have not enabled it, do it now. Prefer an authenticator app such as Authy or Google Authenticator, or a hardware security key, over SMS-based 2FA, because SIM-swapping attacks can intercept text message codes.

Enable 2FA on all high-value accounts: email, banking, social media, and cloud storage. Your email account is the most critical because it is the recovery method for everything else.

Step 4: Check What Data Was Exposed

The breach notification should specify what types of data were compromised. Your response needs to match the severity of what was exposed.

Email and password only: Change passwords, enable 2FA. Monitor for phishing attempts using your email.

Phone number exposed: Watch for SIM-swapping attempts. Contact your mobile carrier and add a PIN or passphrase to your account.

Home address exposed: Be alert for mail fraud. Consider a USPS Informed Delivery account to monitor what is being mailed to your address.

Social Security Number exposed: This is the most serious scenario. Proceed immediately to the credit protection steps in the next section.

Financial data exposed: Contact your bank or card issuer. They will issue new account numbers and cards. Monitor statements closely for unauthorized charges.

Credit Protection Steps

If the breach exposed your Social Security Number, financial data, or enough personal information for identity theft, take these steps.

Step 5: Freeze Your Credit

A credit freeze is the single most effective defense against identity theft. It prevents anyone, including you, from opening new credit accounts in your name until you lift the freeze. It is free at all three credit bureaus.

  • Equifax: equifax.com/personal/credit-report-services or call 800-685-1111
  • Experian: experian.com/freeze or call 888-397-3742
  • TransUnion: transunion.com/credit-freeze or call 888-909-8872

You must freeze at all three separately. Each will give you a PIN to lift the freeze when you legitimately need to apply for credit. This takes about 10 minutes per bureau.

A credit freeze does not affect your credit score, does not prevent you from using existing accounts, and does not expire. It is one of the most underused financial protections available.

Step 6: Place a Fraud Alert

A fraud alert is a lighter alternative that requires creditors to verify your identity before opening new accounts. You only need to contact one bureau, and they will notify the other two. Fraud alerts last one year and can be renewed.

A fraud alert and a credit freeze can be used together. The freeze is stronger protection. The fraud alert adds a layer for situations where the freeze is temporarily lifted.

Step 7: Request Your Credit Reports

The period right after a breach is the right time to pull your credit reports from all three bureaus. Go to AnnualCreditReport.com, the only federally authorized site for free credit reports. Look for:

  • Accounts you do not recognize
  • Hard inquiries you did not initiate
  • Addresses that are not yours
  • Name variations you have never used

If you find anything suspicious, dispute it with the bureau immediately and file an identity theft report with the FTC at IdentityTheft.gov.

Monitoring Phase (Weeks 1-4)

The first month after a breach is the highest-risk period. Stay vigilant.

Step 8: Monitor Your Financial Accounts

Check your bank and credit card statements daily for the first few weeks. Set up transaction alerts if your bank offers them, so you get notified of every charge in real time. Many banks allow you to set a threshold as low as one dollar.

Watch for small test transactions. Criminals often make a small charge first to verify a stolen card works before making larger fraudulent purchases.
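The pattern described above, a small charge followed by a larger one, can be checked against a statement you download from your bank. This is an added example, not part of the original guide; the CSV columns, the merchant names, the $2.00 cutoff, the 7-day window, and the `flag_test_charges` function are all assumptions, and the statement data is constructed.

```python
import csv
import io
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed statement export; column names are assumptions, since each
# bank's CSV layout differs.
SAMPLE_STATEMENT = """date,merchant,amount
2025-03-01,GROCERY MART,54.20
2025-03-02,QX*ONLINE SVC,1.00
2025-03-03,COFFEE HOUSE,4.75
2025-03-04,QX*ONLINE SVC,489.99
2025-03-05,UNKNOWN MERCH 88,0.50
2025-03-20,GROCERY MART,61.10
"""


def flag_test_charges(csv_text, known_merchants,
                      small=Decimal("2.00"), window_days=7):
    """Flag small charges from merchants not in known_merchants.

    Returns (date, merchant, amount, follow_up) tuples, where follow_up is
    the largest later charge from the same merchant within window_days,
    or None if the small charge stands alone.
    """
    rows = [
        (datetime.strptime(r["date"], "%Y-%m-%d"), r["merchant"],
         Decimal(r["amount"]))
        for r in csv.DictReader(io.StringIO(csv_text))
    ]
    rows.sort(key=lambda r: r[0])
    window = timedelta(days=window_days)
    flagged = []
    for i, (when, merchant, amount) in enumerate(rows):
        # Skip ordinary-sized charges and merchants you already recognize.
        if amount > small or merchant in known_merchants:
            continue
        later = [
            a for (w, m, a) in rows[i + 1:]
            if m == merchant and w - when <= window and a > small
        ]
        flagged.append((when.date().isoformat(), merchant, amount,
                        max(later) if later else None))
    return flagged


if __name__ == "__main__":
    for hit in flag_test_charges(SAMPLE_STATEMENT,
                                 {"GROCERY MART", "COFFEE HOUSE"}):
        print(hit)
```

A flagged charge with no follow-up is still worth reporting to the card issuer, since the larger purchase may simply not have happened yet.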

Step 9: Watch for Phishing Attacks

After a breach, attackers often use the stolen data to craft targeted phishing emails. If a breach exposed your name, email, and the company you had an account with, expect phishing emails that reference that exact relationship. They might say things like: "Your [Company Name] account requires verification" or "Click here to claim your breach settlement."

Rules for post-breach phishing defense:

  • Do not click links in any email that references the breach
  • Navigate to websites directly by typing the URL
  • Be suspicious of urgency. "Act now or lose your account" is a red flag
  • Verify requests by calling the company using a number from their official website

Step 10: Accept or Decline Free Monitoring

Many companies offer free credit monitoring after a breach. This is worth accepting, but understand its limitations. Credit monitoring tells you only after someone has opened an account in your name. A credit freeze prevents it from happening in the first place. Use both if offered, but do not treat monitoring as a substitute for a freeze.

Long-Term Protection

The effects of a data breach do not end after a month. Stolen data circulates for years.

Step 11: Remove Your Data from Broker Sites

Here is what most breach response guides miss: when your data is exposed in a breach, it does not just sit in some criminal's hands. It spreads. Breached information gets aggregated into data broker databases, combined with information from other sources, and made searchable by anyone.

A data breach that exposed your name, email, and phone number may result in your full profile, including home address, family members, and more, appearing on people-search sites within weeks. Removing your data from these aggregation points limits the damage.

Run a free scan with GhostMyData to see where your breached data has spread to data broker sites. The scan checks over 150 brokers and shows you exactly what personal information is publicly accessible. Cleaning up data broker listings after a breach is one of the most effective steps you can take to limit your exposure going forward.

Step 12: Reduce Your Attack Surface

Every breach is a reminder that the less data companies hold about you, the less there is to steal. Going forward:

  • Delete accounts you no longer use
  • Provide the minimum information required when creating accounts
  • Use email aliases so each service has a different address
  • Regularly review and revoke app permissions on your phone
  • Opt out of data sharing when given the choice

Step 13: Create a Breach Response Plan

If you have been through one breach, statistically you will go through more. Having a plan saves time and reduces stress.

Keep a document with:

  • Your credit freeze PINs for all three bureaus
  • A list of your high-priority accounts (banks, email, insurance)
  • Your password manager's recovery method
  • Contact numbers for your banks and card issuers
  • The FTC's identity theft site: IdentityTheft.gov

When a Breach Gets Serious

If you discover evidence of actual identity theft, such as accounts you did not open, tax returns filed in your name, or medical bills for services you did not receive, escalate immediately:

  • File an identity theft report at IdentityTheft.gov
  • File a police report with your local department
  • Contact the fraud departments at all affected companies
  • Consider an extended fraud alert (7 years) or identity theft freeze
  • If a tax return was filed in your name, contact the IRS Identity Protection Unit

The Bigger Picture

Data breaches are not slowing down. The number of breaches, the volume of records exposed, and the sophistication of attacks all continue to increase. Waiting until a breach happens to think about protection is like buying insurance after the fire starts.

The most effective defense combines prevention, which includes strong passwords, 2FA, and a minimal digital footprint, with rapid response when breaches inevitably occur. Freezing your credit, monitoring your accounts, and keeping your data off broker sites are the actions that make the biggest difference.
