Your post-data-breach action list
If your personal information is exposed in a data breach, these 10 steps can help you limit the damage so you can get your digital life back on track.
Full Transparency
Our editorial transparency tool uses blockchain technology to permanently log all changes made to official releases after publication. However, this post is not an official release and therefore not tracked. Visit our learn more for more information.
Maybe you overlooked the early signs—password reset emails that you didn’t request or trouble logging in to some of your accounts—but now you’re seeing charges you don’t recognize on your credit card. And there’s an account you don’t recognize on your credit report. Be alert: You might be the victim of a data breach, and the perpetrators are now using your info to steal from you and from others.
Data breaches are a fact of life in our increasingly digital world: The FBI’s Internet Crime Complaint Center received more than 800,000 fraud complaints in 2022 (the latest info available), with losses exceeding $10 billion. Those are daunting numbers, but it doesn’t mean that consumers are helpless when a data breach happens.
Today, there are tried-and-true steps that individuals can take when a data breach occurs to minimize any potential damage. The key is being prepared to act as soon as possible after learning about a breach. Here’s what to do if your data is exposed.
Take notifications seriously. All US states have laws that require businesses and government organizations to notify individuals if their personal information is exposed in a data breach. If you receive one of these notifications—or if you see news headlines about a data breach at a company with which you’ve shared information in the past—act immediately and follow the additional steps in this list so you can monitor and protect your information. Also watch for follow-up information (sometimes sent via regular mail) so you can learn the extent of the breach and find out about any special help the company might offer.
Change passwords on key accounts. This obviously applies to directly affected accounts, but consider also updating the passwords connected to your financial and credit card accounts in case the data breach gives perpetrators access to that information as well. Never reuse old passwords! Make sure you use a strong, unique password for all of your accounts. Consider changing your username on these accounts, as well, if possible. And while you’re at it:
Enable multifactor authentication (MFA). This requires you to enter an additional layer of information, such as accepting a push notification, receiving a one time code or scanning biometrics after you enter your password. Learn more about how MFA works.
Use a password manager. These standalone applications store, and sometimes generate, unique, complex passwords for all the sites you log in to so you can ensure you are using a strong, unique password for your accounts. The best password managers also offer MFA (see above) and may scan for data breaches to help you stay informed of any potential issues. While most web browsers include a password manager, these get mixed reviews from security experts. Just be sure to research any password manager, including any breaches it may have had, before you start using it.
Move (or close) affected accounts or cards. If your bank or credit card issuer is the subject of the data breach, contact them about moving your existing accounts or closing them and opening new ones. This can help prevent any fraudulent transactions. Remember to update any automatic payments related to those accounts.
Initiate a fraud alert with one of the national credit bureaus. With a fraud alert in place, any lender who receives a credit application in your name is also warned that you may be a victim of identity theft. They are then asked to verify your identity before proceeding. If you’re the victim of a data breach, consider filing a fraud alert with any of the national credit bureaus—Experian, TransUnion or Equifax. The information will automatically be shared with the other bureaus.
Freeze your credit report. A freeze is more extensive than an alert. Simply put, placing a security freeze on your credit report limits all access to it. It means criminals can’t open accounts with your information, but it also means that creditors can’t access your account for legitimate reasons (like if you’re applying for a loan). You can freeze or thaw your credit report at any time; however, you need to contact each credit bureau separately (Experian, TransUnion and Equifax) to initiate or retract a freeze. It’s worth considering placing a freeze on your credit report as a preventative measure, especially if you don’t anticipate needing to apply for credit or a loan within the next few months.
Keep an eye on financial accounts and credit reports. Closely review your credit card and bank statements for suspicious activity after a data breach and contact the financial institution immediately if there are charges you don’t recognize. Don’t forget to watch savings and investment accounts, too.
Consider credit monitoring. Credit monitoring is a service (provided for a fee) where a third-party company will watch your credit report and alert you of any suspicious activity. Many businesses that suffer a data breach offer this service to the individuals impacted by the breach. Consider signing up for the service if it’s offered.
Watch out for phishing attacks. Once your info is out there due to a data breach—especially your email or mobile number—you might see an increase in phishing attacks where individuals send emails or texts to try to get you to divulge more sensitive information. Make especially sure that you recognize the address of the sender of any message—whether email or text—and do not click links or open attachments from any email address or mobile number that you do not recognize.
Verizon makes it easy to keep your account safe. Here’s how.
