Data Breach Response: What to Do When Your Information Is Exposed
Receiving a data breach notification does not mean fraud has occurred — yet. Here is the exact response protocol to protect yourself before thieves can use your exposed information.
Breach Notification Received — Now What?
Data breach notifications are now routine — hundreds of millions of Americans receive them every year. A notification means your information was exposed, not necessarily that it has been used for fraud. The window between exposure and actual fraud varies from days to years, which means prompt action is highly effective at preventing harm.
Immediate Response Protocol
Within 24 Hours
- Read the notification carefully. Determine exactly what information was exposed: name and address, SSN, financial account numbers, username/password, medical data, etc. The response depends on the type of data.
- Change your passwords on any accounts whose credentials the breached company may have held. Also change the password on every other account where you reused the same password (password reuse is the reason credential-stuffing attacks succeed).
- Enable two-factor authentication on email, banking, and financial accounts if not already enabled.
If Social Security Number Was Exposed
This is the highest-priority exposure. An exposed SSN enables new-account fraud, tax fraud, and medical identity theft.
- Place a security freeze at all three major credit bureaus (Equifax, Experian, TransUnion) — this is the single most protective action
- Also freeze at ChexSystems (used by banks for deposit accounts) and Innovis
- Register for an IRS Identity Protection PIN at irs.gov/ippin
- Consider filing a "precautionary" fraud alert at one bureau (notifies all three)
If Financial Account Numbers Were Exposed
- Contact your bank or card issuer immediately and request new account numbers
- Review recent transactions for unauthorized charges
- Set up transaction alerts (real-time texts/emails for every charge)
The Free Credit Monitoring Offer in the Breach Notice
Most breach notifications include an offer for free credit monitoring through a specific service. Accept it — it is typically 1–2 years of monitoring at no cost. However, do not rely on it alone: also set up your own monitoring through Credit Karma or Experian's free tier, and check your full reports at AnnualCreditReport.com quarterly. Breach-related monitoring often covers only one bureau.
Monitoring Timeline After a Breach
| Timeframe | Risk Level | Action |
|---|---|---|
| 0–90 days | Highest | Weekly report checks; review all financial statements |
| 90 days – 1 year | Elevated | Monthly checks; watch for unfamiliar inquiries |
| 1–3 years | Moderate | Quarterly checks; stolen SSN data can sit dormant for years |
| 3+ years | Lower but ongoing | Annual full report review; keep monitoring active |
If you discover actual fraud after a breach, follow the complete identity theft response checklist.
Educational content only. This page is for informational purposes and does not constitute legal, tax, or personal financial advice. Results vary. Laws and bureau processes change. Consult the CFPB, FTC, and AnnualCreditReport.com for authoritative guidance.