What to Do Immediately After a Data Breach Affects You
A step-by-step action guide for responding to a data breach — from securing your accounts and freezing credit to monitoring for identity theft and knowing your legal rights.
Your Data Was Just Stolen. Here's Your Next 72 Hours.
In 2023, the Identity Theft Resource Center tracked 3,205 data compromises in the United States — a 78% increase over 2022 and an all-time record. The average American's personal information has already appeared in at least one significant breach: the 2021 Facebook breach exposed 533 million records; the 2023 MOVEit vulnerability hit over 2,000 organizations affecting 94 million individuals. When you receive a breach notification — or discover your data in a breach dump on Have I Been Pwned — the next 72 hours matter more than anything that comes after.
Step 1: Confirm the Breach and What Was Exposed
Read the breach notification carefully. What type of data was compromised? The risk profile differs significantly:
| Data Exposed | Risk Level | Immediate Priority Action |
|---|---|---|
| Email and password | High | Change password on breached site and all sites where password was reused |
| Social Security number | Critical | Freeze credit immediately at all three bureaus |
| Financial account numbers | Critical | Contact financial institution; monitor for unauthorized transactions |
| Health information (PHI) | High | Monitor for fraudulent medical billing; check explanation of benefits |
| Driver's license / passport number | High | Report to issuing agency; monitor for synthetic identity fraud |
| Name and email only | Moderate | Be alert for targeted phishing using your name |
Use HaveIBeenPwned.com to check whether your email address appears in known breach databases. The site is maintained by security researcher Troy Hunt and currently indexes over 13 billion breached accounts.
Step 2: Secure the Affected Account Immediately
Log into the breached service and change your password immediately — before attackers do. Use a password that is at least 16 characters long, randomly generated, and unique to that site. If you don't use a password manager, now is the time to start. Bitwarden, 1Password, and Dashlane are well-reviewed options; they generate and store unique random passwords for every site, eliminating the password-reuse vulnerability that turns a single breach into a cascade.
Enable two-factor authentication (2FA) on the breached account and on every other account using the same password or email address. Authenticator apps (Authy, Google Authenticator, Microsoft Authenticator) are more secure than SMS-based 2FA, which is vulnerable to SIM-swapping attacks.
Step 3: Freeze Your Credit
If your Social Security number, date of birth, or financial account information was exposed, freeze your credit at all three major bureaus. A credit freeze — formally called a security freeze — is free by federal law (since 2018), takes effect immediately online, and prevents anyone (including you) from opening new credit accounts until you lift it. You must freeze at each bureau separately:
- Equifax — equifax.com/personal/credit-report-services
- Experian — experian.com/freeze/center.html
- TransUnion — transunion.com/credit-freeze
Also consider freezing at smaller specialty bureaus: ChexSystems (bank accounts), NCTUE (utility accounts), and Innovis (used by some lenders). The FTC maintains a comprehensive list. A freeze does not affect your credit score, existing accounts, or your ability to use current credit cards.
Step 4: Place a Fraud Alert
A fraud alert requires lenders to take extra verification steps before opening credit in your name. You only need to contact one bureau — they're required to notify the other two. An initial fraud alert lasts one year. If you've already been a victim of identity theft, an extended fraud alert lasts seven years. Fraud alerts are weaker than freezes but easier to work with if you're actively applying for credit.
Step 5: Monitor Financial Accounts and Set Up Alerts
Log into every bank account, credit card, and investment account linked to the compromised email or credentials. Review transaction history for the past 30–90 days for unauthorized activity. Set up real-time transaction alerts — most banks offer SMS or email notifications for every transaction over a threshold you set. Set yours to $0 or $1 to catch any unauthorized charge immediately.
- Report unauthorized transactions to your bank within 60 days (Regulation E for bank accounts; 60-day rule for credit cards)
- File a dispute directly with the financial institution; most resolve within 10 business days
- If you receive fraudulent medical bills, contact the healthcare provider's billing department and your insurer's fraud department
Step 6: Watch for Targeted Follow-On Attacks
Breached data immediately generates targeted attacks. Criminals use the information to craft convincing phishing emails, call you impersonating your bank or a government agency, or attempt SIM swapping to take over your phone number. After a breach involving your phone number and name, be especially skeptical of unexpected calls from your carrier or financial institution. Hang up and call back using the number on their official website.
| Attack Type | How It Uses Breached Data | Defense |
|---|---|---|
| Spear phishing | References your real name, address, or account details to seem credible | Verify requests independently; never click breach notification links |
| SIM swapping | Uses personal data to socially engineer carrier into porting your number | Add a PIN/passcode to your carrier account; use authenticator app instead of SMS 2FA |
| Account takeover | Tests breached credentials on other services (credential stuffing) | Unique passwords per site; 2FA everywhere |
| Synthetic identity fraud | Combines your SSN with a different name to create new credit identity | Credit freeze; annual free credit reports at AnnualCreditReport.com |
Your Legal Rights After a Breach
The organization that was breached may owe you more than a notification letter. Many states require companies to provide free credit monitoring to affected individuals when SSNs were exposed. The FTC's IdentityTheft.gov provides a personalized recovery plan and generates official dispute letters for creditors, the IRS, and government agencies. Class action lawsuits following major breaches often result in settlement funds for affected consumers — the Equifax 2017 breach settlement distributed up to $125 in cash or 10 years of free credit monitoring per affected individual.
Related Articles
cybersecurity
Endpoint Detection and Response (EDR): How Modern Threat Defense Works
An encyclopedic guide to Endpoint Detection and Response covering real-time monitoring, behavioral analysis, threat hunting, and how EDR platforms differ from traditional antivirus solutions.
10 min read
cybersecurity
How Antivirus Software Works: Detection Methods and Protection
Understand how antivirus software works, including signature-based detection, heuristic analysis, behavioral monitoring, and real-time protection mechanisms.
8 min read
cybersecurity
How Blockchain Consensus Mechanisms Validate Transactions
Blockchain networks use Proof of Work, Proof of Stake, and other consensus mechanisms to validate transactions without central authority. Compare their tradeoffs and energy costs.
9 min read
cybersecurity
How Cloud Security Misconfigurations Happen and How to Prevent Them
Misconfiguration is the leading cause of cloud data breaches. Learn how S3 buckets get exposed, IAM policies fail, and what the Shared Responsibility Model means for your security.
9 min read