What to Do After a Data Breach: Step-by-Step Checklist

TL;DR: Check which breaches affected you → change compromised passwords immediately → change any account where you reused that password → enable two-factor authentication everywhere → freeze your credit if your SSN was exposed → monitor accounts for suspicious activity. Act fast: stolen credentials can be exploited within hours.

Major data breaches happen weekly. AT&T, Ticketmaster, Change Healthcare, National Public Data: hundreds of millions of records exposed in 2024 alone. But here's what most people don't realize: a single breach can compromise dozens of your accounts if you've ever reused a password.

The first step is knowing whether you're affected.

Check if your email was in a breach

Checks against the HaveIBeenPwned database of 14+ billion breached records. Shows which breaches, dates, and what data was exposed.


The 7-Step Response Checklist

1. Identify what was exposed. Use our breach checker to see which breaches included your email and what data types were compromised. The response differs significantly depending on whether just your email was leaked versus your password, phone number, physical address, or Social Security number.

2. Change the breached password immediately. If the breach included passwords (even hashed ones), change it on the affected service right now. Don't wait. Use our password strength checker to verify your new password is strong: it should take centuries to crack, not hours.

3. Change every account where you reused that password. This is the critical step most people skip. If you used the same password on your email, banking, and shopping accounts, attackers will try all of them. This is called credential stuffing: automated tools test stolen credentials across hundreds of popular services.

⚠️ Credential stuffing is extremely effective. Because most people reuse passwords across services, attackers who obtain your login from one breach can often access your bank, email, social media, and other accounts automatically. One breached password can cascade into identity theft.

4. Enable two-factor authentication (2FA) on every important account, especially email, banking, and social media. Even if an attacker has your password, 2FA requires a second verification step. Use an authenticator app (like Google Authenticator or Authy) rather than SMS, as SIM-swapping attacks can bypass text-message codes.

5. Freeze your credit if the breach exposed your Social Security number, full legal name, or date of birth. Contact all three credit bureaus: Equifax (equifax.com/personal/credit-report-services/credit-freeze), Experian (experian.com/freeze), and TransUnion (transunion.com/credit-freeze). A credit freeze is free, prevents new accounts from being opened in your name, and can be temporarily lifted when you need to apply for credit.

6. Monitor your accounts. Watch for unauthorized transactions, password reset emails you didn't request, login notifications from unfamiliar locations, and new accounts you didn't open. Set up transaction alerts on your bank and credit card accounts. Stolen data is often sold on dark web markets and may be exploited weeks or months after the initial breach.

7. Start using a password manager. The only realistic way to use unique, strong passwords on every account is with a password manager. It generates and stores complex passwords so you only need to remember one master password. This makes credential stuffing impossible: a breach of one service can never compromise another.
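The reuse check behind steps 3 and 7, as an added example that is not part of the original article: it reads a password manager export and lists every other account that shares the breached password exactly or as a near variant. The CSV column names, the sample entries and the `stem` normalization are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample export; the column names (name, username, password)
# are an assumption, so adjust them to match your manager's CSV format.
VAULT_CSV = """name,username,password
forum.example,alice@example.com,Sunshine2019!
mail.example,alice@example.com,Sunshine2019!
bank.example,alice@example.com,sunshine2019
shop.example,alice,Sunsh1ne2020
news.example,alice@example.com,xK9#vTq2LmP8wZr4
pin.example,alice,482915
"""

# Common character substitutions undone before comparing (assumed list).
LEET = str.maketrans("013457@$!", "oieastasi")


def stem(password):
    """Reduce a password to its base word: lowercase, drop leading and
    trailing digits/symbols, then undo common substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def reuse_audit(vault_csv, breached_site):
    """Return accounts that must be changed because they share the
    breached site's password exactly or as a near variant."""
    rows = list(csv.DictReader(io.StringIO(vault_csv)))
    breached = next(r for r in rows if r["name"] == breached_site)
    target = stem(breached["password"])
    exact, similar = [], []
    for row in rows:
        if row is breached:
            continue
        if row["password"] == breached["password"]:
            exact.append(row["name"])
        # An empty stem (e.g. an all-digit PIN) carries no signal, skip it.
        elif target and stem(row["password"]) == target:
            similar.append(row["name"])
    return {"exact": exact, "similar": similar}


if __name__ == "__main__":
    # Only account names are printed, never the passwords themselves.
    print(reuse_audit(VAULT_CSV, "forum.example"))
```

Run it against a local export and delete the export file afterwards, since it holds every password in plaintext.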

What the Breach Type Means for You

Email address only

Lower risk, but expect increased phishing attempts. Be extra cautious of emails pretending to be from services you use. Attackers now know where you have accounts and can craft targeted phishing messages.

Password (even hashed)

High risk. Older hashing algorithms (MD5, SHA-1) can be cracked quickly. Even salted hashes from modern algorithms may be vulnerable to dictionary attacks if the password was common. Change the password immediately and everywhere you reused it.

Phone number

Enables SIM-swapping attacks, where attackers convince your carrier to transfer your number to their SIM card. This lets them intercept SMS-based 2FA codes. Contact your carrier to add a PIN or security freeze to your account, and switch to app-based 2FA.
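Why app-based 2FA is unaffected by a hijacked phone number, shown as an added example that is not part of the original article: an authenticator app derives each code from a secret stored on the device plus the current time (TOTP, RFC 6238), so no code ever travels over SMS. The secret below is the RFC 6238 test key, and the `verify` helper with its one-step drift window is an illustrative assumption.

```python
import hashlib
import hmac
import struct

# RFC 6238 test key (ASCII "12345678901234567890"). A real secret is random
# and is shared once, via the QR code shown when you enrol the app.
SECRET = b"12345678901234567890"


def totp(secret, unix_time, step=30, digits=6):
    """Compute the TOTP code for a given time (HMAC-SHA1 variant)."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, unix_time, window=1, step=30):
    """Server-side check: accept the current time step and `window` steps
    either side to tolerate clock drift, comparing in constant time."""
    for drift in range(-window, window + 1):
        moment = max(0, unix_time + drift * step)
        expected = totp(secret, moment, step, len(code))
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


if __name__ == "__main__":
    print(totp(SECRET, 59))              # code the app would show at t=59
    print(verify(SECRET, "287082", 85))  # still accepted one step later
```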

SSN / Government ID

Highest risk. Enables identity theft, fraudulent tax returns, and new credit accounts in your name. Freeze your credit immediately. Consider placing a fraud alert with the FTC at IdentityTheft.gov and filing for an Identity Protection PIN with the IRS.

Prevent Future Damage

The best defense against breach damage is preparation. Use unique passwords on every account (via a password manager), enable 2FA everywhere, use our breach checker periodically to catch new exposures, and consider using email aliases for services you don't fully trust.

Check the password strength of your most important accounts. If any would be cracked in less than a century, change them now, before the next breach.

Frequently Asked Questions

How do I check if my email was in a data breach?

Use a breach checker tool that queries the HaveIBeenPwned database. Enter your email and it shows which breaches included your data, when they occurred, and what types of information were exposed. Our free breach checker does this instantly.

Should I change all my passwords after a breach?

Change the breached service's password immediately. Then change any other account where you used the same or similar password. Credential stuffing attacks try stolen credentials across hundreds of services automatically.

What is credential stuffing?

Credential stuffing is when attackers take email/password combinations from one breach and try them on hundreds of other services. Because most people reuse passwords, this attack is highly effective: one breach can compromise many accounts.

Should I freeze my credit after a data breach?

If the breach exposed your SSN, full name, or date of birth, yes. Freeze your credit with all three bureaus (Equifax, Experian, TransUnion). It's free and prevents new accounts from being opened in your name.

How long does it take for stolen data to be used?

Stolen credentials can be exploited within hours, but data is often sold on dark web markets and may be used weeks, months, or even years later. Act quickly and continue monitoring your accounts.
