What to Do If You’re a Victim of a Data Breach (Step-by-Step)

You just got an email saying a company you use was hacked and your personal information was exposed in a data breach. Maybe it was your email provider, a retailer, a social media platform, or your health insurance company. Your heart sinks. What now?

First: don’t panic. A data breach notification doesn’t mean your identity has been stolen — it means your information is at risk. What you do in the next few hours determines whether that risk turns into real damage.

This guide gives you the exact steps to take — in the right order — to protect yourself after a data breach.

In this guide:

  • Immediate actions (first 24 hours)
  • Short-term protection (first week)
  • Long-term prevention
  • How data breaches connect to data brokers
  • How to prevent future breach damage

Quick first step: While you work through this guide, run a free Optery scan to see what other personal information is publicly available about you on data broker sites. Breached data becomes more dangerous when combined with the personal details data brokers already have on you.

Immediate Actions: First 24 Hours

Time matters after a data breach. Take these steps as soon as possible:

Step 1: Find Out What Was Exposed

Read the breach notification carefully. Companies are required to tell you what types of data were compromised. Common categories include:

  • Low severity: Email address only — change your password on that service and watch for increased phishing
  • Medium severity: Email + password — change passwords immediately on the breached service AND any other account using the same password
  • High severity: Name + email + phone + address — your personal details are now in criminal hands. Follow every step in this guide
  • Critical severity: Social Security number, financial data, medical records — take all steps below plus freeze your credit immediately

The severity determines how urgently you need to act. But even “low severity” breaches deserve attention because criminals combine data from multiple breaches to build complete profiles.

Step 2: Change Your Passwords

Start with the breached account. Change the password on whatever service was breached. Use a strong, unique password — at least 16 characters with a mix of letters, numbers, and symbols. Better yet, use a password manager to generate one.

Then change any reused passwords. If you used the same password (or a similar one) on other accounts, change those immediately. Criminals try breached passwords on every major platform — email, banking, social media, shopping — within hours of a breach. This is called credential stuffing and it’s extremely effective against people who reuse passwords.

Priority order for password changes:

  1. The breached service
  2. Your email account (the master key to everything)
  3. Banking and financial accounts
  4. Social media accounts
  5. Any account using the same or similar password

Step 3: Enable Two-Factor Authentication

After changing passwords, enable 2FA on every important account — especially your email. Use an authenticator app (Google Authenticator, Authy) rather than SMS codes. SMS-based 2FA is vulnerable to SIM swapping attacks, which criminals often attempt after obtaining your phone number from a breach.

Step 4: Freeze Your Credit (If SSN Was Exposed)

If the breach included your Social Security number or financial information, freeze your credit immediately with all three bureaus:

  • Equifax: equifax.com/personal/credit-report-services/credit-freeze/ or call 1-800-349-9960
  • Experian: experian.com/freeze or call 1-888-397-3742
  • TransUnion: transunion.com/credit-freeze or call 1-888-909-8872

This is free, takes 10 minutes, and prevents anyone from opening new accounts in your name. Do it now — don’t wait to see if anything happens.

Short-Term Protection: First Week

After handling the immediate crisis, take these steps within the first week after a data breach:

Step 5: Check for Unauthorized Access

Review recent activity on all your important accounts:

Email: Check your sent folder for messages you didn’t send. Look for forwarding rules you didn’t create (scammers set up email forwarding to monitor your messages). Review your login history for unfamiliar locations or devices.

Banking: Review all recent transactions. Set up transaction alerts if you haven’t already. Report any unauthorized charges to your bank immediately — you typically have 60 days to dispute fraudulent transactions.

Social media: Check for posts you didn’t make, messages you didn’t send, and account settings that were changed without your knowledge.

Step 6: Remove Your Data from Data Broker Sites

Here’s the step most data breach guides skip entirely — and it’s one of the most important.

When a breach exposes your email, phone number, or address, criminals combine that data with information already publicly available on data broker sites. Your breached email + your name, home address, and date of birth from data brokers = everything needed for identity theft.

Removing your data from broker sites makes breached data significantly less useful to criminals.

Optery — Our top recommendation. Free scan to see your exposure on data broker sites. Paid plans ($39-$249/year) automate removal from 350+ sites with continuous monitoring. Read our full Optery review →

Incogni — Best budget option. Covers 180+ data brokers for $6.49/month billed annually. Read our full Incogni review →

Step 7: File an FTC Report (If Needed)

If you’ve experienced actual identity theft or fraud as a result of the breach, file a report at IdentityTheft.gov. The FTC creates a personalized recovery plan and generates documents you need to dispute fraudulent accounts.

If you haven’t experienced fraud yet but your SSN was exposed, consider filing a report anyway — it creates a paper trail if fraud occurs later.

Step 8: Monitor Your Credit Reports

Pull your free credit reports from annualcreditreport.com and review them for unfamiliar accounts, inquiries, or addresses. You’re entitled to free reports from each bureau weekly.

Set up a regular schedule to check your reports — monthly for the first 6 months after a breach, then quarterly after that.

Long-Term Prevention

A data breach is a wake-up call to strengthen your overall security posture. Here’s how to minimize damage from future breaches:

Step 9: Get a Password Manager

If this breach taught you anything, it’s that reusing passwords is dangerous. A password manager (Bitwarden is free and excellent) generates and stores unique, strong passwords for every account. This way, one breach can never compromise your other accounts.

Step 10: Use Secondary Contact Information

Secondary email: Use a separate email address for non-essential accounts (shopping, newsletters, social media). When these services get breached, your primary email stays clean.

Secondary phone number: Get a free Google Voice number for online forms and signups. This keeps your real phone number out of breach databases.

Step 11: Set Up Ongoing Monitoring

Have I Been Pwned notifications. Sign up at haveibeenpwned.com to receive automatic notifications if your email appears in future breaches.
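Besides the email-address lookup above, Have I Been Pwned also publishes its Pwned Passwords range API, which lets you check whether a password you are about to reuse or keep (Step 2) has already appeared in a breach without ever sending the password, or even its full hash, to anyone. The following is an added example, not code from the original post or from HIBP: it SHA-1 hashes the password, sends only the first five hex characters of the hash to https://api.pwnedpasswords.com/range/<prefix>, and matches the remaining 35 characters locally against the returned list. The sample response embedded below is constructed for the prefix of `sha1("password")`; its counts and the other suffixes are made up, and the User-Agent string is an assumption (HIBP requires one but does not prescribe it).

```python
import hashlib
import urllib.request
from typing import Callable, Dict

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample of a range response for SHA-1 prefix 5BAA6, the prefix of
# sha1("password"). Each line is "<remaining 35 hex chars>:<times seen>".
# Real responses carry hundreds of lines; all counts here are made up.
SAMPLE_RANGE_5BAA6 = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567
"""


def sha1_upper_hex(password: str) -> str:
    """HIBP keys its password corpus by upper-case hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest_hex: str):
    """k-anonymity split: the 5-char prefix is sent, the 35-char suffix stays local."""
    return digest_hex[:5], digest_hex[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Turn the 'SUFFIX:COUNT' lines into a lookup table; skip malformed lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range_http(prefix: str) -> str:
    """Live lookup. Only the 20-bit prefix leaves the machine, so the service
    learns at most that your hash is one of the few hundred in that bucket."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "breach-response-example"},  # assumed value; HIBP needs some UA
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def offline_fetch(prefix: str) -> str:
    """Stand-in for the network call used to run this example offline."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def pwned_count(password: str, fetch_range: Callable[[str], str] = fetch_range_http) -> int:
    """How many times the password appears in HIBP's breach corpus (0 = not found).
    Any count above zero means the password belongs in the 'change it now' list."""
    prefix, suffix = split_hash(sha1_upper_hex(password))
    return parse_range(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, offline_fetch)
        print(f"{candidate!r}: {'seen ' + str(n) + ' times' if n else 'not in sample corpus'}")
```

Password managers such as Bitwarden run this same range query behind their "exposed password" reports, which is the practical way to find every reused password that Step 2 tells you to change.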

Google Alerts. Set up alerts for your name, phone number, and email so you’re notified when new content containing your information appears online.

Continuous data broker monitoring. Services like Optery and Incogni continuously scan data broker sites and remove your information when it appears. This ongoing protection is especially important after a breach, since breached data often feeds back into data broker databases.

Step 12: Review What Companies Have Your Data

A breach is a good time to audit which companies have your personal information. Unsubscribe from services you no longer use. Delete old accounts. Request data deletion where possible. The fewer companies that have your data, the fewer breaches can affect you.

How Data Breaches and Data Brokers Work Together

Most people think of a data breach and data brokers as separate problems. They’re not — they’re two parts of the same threat:

Breaches provide stolen data. Email addresses, passwords, SSNs, credit card numbers — raw stolen data from hacked companies.

Data brokers provide context. Your name, home address, phone number, date of birth, family members, employer — the publicly available personal details that make stolen data actionable.

Together they enable identity theft. A stolen SSN from a breach is dangerous. A stolen SSN combined with your full name, address, date of birth, and mother’s maiden name from data broker sites is devastating — that’s everything needed to open accounts, file tax returns, and commit fraud in your name.

This is why removing your data from data broker sites is a critical step after any breach — it limits what criminals can do with whatever they stole. Run a free Optery scan to see what data brokers currently have on you.

Your Data Breach Action Plan (Summary)

Here’s the complete data breach response plan in order:

First 24 hours:

  1. Read the breach notification — determine what was exposed
  2. Change passwords (breached service first, then email, then banking)
  3. Enable 2FA on all important accounts
  4. Freeze your credit if SSN or financial data was exposed

First week:

  1. Check all accounts for unauthorized access
  2. Run a free Optery scan and remove data from broker sites
  3. File an FTC report at IdentityTheft.gov if needed
  4. Pull and review your credit reports

Long-term:

  1. Get a password manager and create unique passwords everywhere
  2. Set up secondary email and Google Voice number
  3. Set up ongoing monitoring (Have I Been Pwned, Google Alerts, Optery or Incogni)
  4. Audit and reduce the number of companies that have your data

The faster you act, the less damage a breach can cause. Bookmark this page — you’ll want it ready the next time a breach notification lands in your inbox.

Frequently Asked Questions

What’s the first thing I should do after a data breach?
Change your password on the breached service immediately, then change it on any other accounts using the same password. Your email password should be changed next since email is the master key to all other accounts.

Should I freeze my credit after every data breach?
If the breach exposed your Social Security number or financial information, yes — freeze your credit immediately. For email-only breaches, a freeze isn’t strictly necessary but is still a good precaution. Full credit freeze guide →

How do I know if my data was in a breach?
Companies are required to notify you if your data was compromised. You can also proactively check at haveibeenpwned.com by entering your email address — it checks against billions of breached records.

Why should I remove my data from data broker sites after a breach?
Data brokers publicly list your name, address, phone number, and other details. Criminals combine this with breached data to commit identity theft. Removing your data from broker sites makes breached data significantly less useful. Start with a free Optery scan.

Can I sue a company that exposed my data in a breach?
In some cases, yes — particularly if the company was negligent in protecting your data. Class action lawsuits are common after major breaches. Check if a class action has been filed for the specific breach affecting you. We’re not lawyers and can’t provide legal advice on specific cases.

How long should I monitor my accounts after a breach?
At minimum, monitor closely for 6-12 months after a breach. Criminals sometimes sit on stolen data for months before using it. Ideally, set up permanent monitoring through Google Alerts and continuous data broker monitoring through Optery or Incogni.

Will the company offer free credit monitoring after the breach?
Many companies offer 1-2 years of free credit monitoring after a breach. Accept it if offered — it’s better than nothing. But credit monitoring only alerts you after fraud occurs. For proactive protection, combine it with data broker removal to reduce your exposure before fraud happens.

This post contains affiliate links. If you purchase through our links, we may earn a commission at no extra cost to you. See our affiliate disclosure for details.