← Back to Identity Theft

Data Breach Response Guide

What to do when your information is compromised in a data breach

What Is a Data Breach?

A data breach occurs when unauthorized parties access sensitive information from databases, systems, or networks. Your personal information may be stolen and sold or used for fraud.

How You'll Be Notified

  • Email from breached company
  • Letter by mail
  • News reports
  • Website announcement
  • Account login notification

Immediate Actions (First 24 Hours)

1. Verify the Breach Notification

  • Confirm email is legitimate (not phishing)
  • Check company's official website
  • Search news for breach confirmation
  • Don't click links in emails - go directly to site

2. Determine What Was Compromised

Different data requires different responses:

  • Email only: Change password
  • Passwords: Change everywhere you used that password
  • Credit card: Monitor statements, request new card
  • SSN: Fraud alert or freeze, monitor credit
  • Bank account: Monitor, consider closing/changing numbers
  • Medical info: Monitor EOBs and medical records

3. Change Passwords Immediately

  • Change password on breached account
  • Change passwords on all accounts using same password
  • Use unique, strong passwords (12+ characters)
  • Enable 2-factor authentication
  • Consider password manager

Actions Based on What Was Stolen

Email Addresses Only

  • Expect increase in phishing emails
  • Be extra vigilant about suspicious emails
  • Don't click links or download attachments
  • Report phishing attempts

Passwords

  • Change on breached site immediately
  • Change on any site using same password
  • Enable 2FA everywhere possible
  • Monitor accounts for unauthorized access

Credit/Debit Card Numbers

  • Request new card with new number
  • Monitor statements daily
  • Set up account alerts
  • Dispute any fraudulent charges immediately

Social Security Numbers

  • Place fraud alert or credit freeze
  • Monitor credit reports
  • File tax return early
  • Request IP PIN from IRS
  • Monitor SSA earnings statement

Bank Account Information

  • Monitor account daily
  • Set up transaction alerts
  • Consider closing and opening new account
  • Update direct deposits and auto-payments

Medical Information

  • Contact health insurance company
  • Review all EOBs
  • Request medical records review
  • Place alert on insurance account

Take Advantage of Breach Services

Free Credit Monitoring

Most breached companies offer:

  • 1-2 years free credit monitoring
  • Often three-bureau monitoring
  • Identity theft insurance
  • Dark web monitoring

How to Enroll

  • Follow instructions in breach notification
  • Use provided enrollment code
  • Enroll within deadline (usually 90 days)
  • Set calendar reminder before service expires

Long-Term Protection

Monitor Your Accounts

  • Check credit reports every 3-4 months
  • Review bank statements weekly
  • Monitor credit card transactions
  • Watch for unfamiliar accounts or inquiries

Consider a Credit Freeze

  • Best protection after SSN breach
  • Free at all three bureaus
  • Prevents new account fraud
  • Easy to lift when needed

Stay Vigilant for Years

  • Stolen data can be used years later
  • Monitor for 3-7 years minimum
  • Never stop checking credit reports
  • Keep fraud alerts or freeze active

Beware of Post-Breach Scams

Common Tactics

  • Fake breach notifications (phishing)
  • Fake credit monitoring offers
  • Requests for sensitive info "to verify account"
  • Calls claiming to be from breached company
  • Malware in "security update" emails

Red Flags

  • Requests for payment to "fix" your account
  • Pressure to act immediately
  • Requests for SSN, passwords, or account numbers
  • Links to unfamiliar websites
  • Spelling errors or poor grammar

Document Everything

  • Save breach notification email/letter
  • Screenshot company announcements
  • Keep records of actions taken
  • Track monitoring service enrollment
  • Note expiration dates

Know Your Rights

Company Responsibilities

  • Must notify you of breach
  • Often required to offer credit monitoring
  • May be liable for damages

Your Rights

  • Free credit reports if identity theft occurs
  • Place fraud alerts or freezes
  • Dispute fraudulent information
  • Not responsible for fraudulent charges (usually)
  • May join class action lawsuits

Specific Breach Types

Healthcare Breaches

  • Review medical records thoroughly
  • File amendments for incorrect info
  • Monitor insurance benefits
  • Watch for medical bills for unfamiliar services

Retailer Breaches

  • Monitor credit card statements
  • Watch for fraudulent purchases
  • Request new card if card number stolen
  • Often card companies issue new cards automatically

Social Media Breaches

  • Change passwords immediately
  • Review privacy settings
  • Check for unauthorized posts
  • Alert friends/followers of potential phishing

Government Breaches

  • Particularly serious (often SSN involved)
  • Place credit freeze
  • File tax return early
  • Monitor for years

Prevention for Future

  • Use unique passwords for each account
  • Enable 2FA everywhere possible
  • Limit information shared online
  • Use password manager
  • Keep software updated
  • Use VPN on public WiFi
  • Check privacy settings regularly

Resources

  • Have I Been Pwned: Check if your email was in breach
  • IdentityTheft.gov: Report identity theft
  • AnnualCreditReport.com: Free credit reports
  • CFPB: File complaints about companies

Breach Response Help

Get professional assistance responding to data breaches.

Get Help