What to Do After a Data Breach: 10-Step Recovery Plan

IsThisAScam Research Team · June 1, 2026 · 4 min read
Contents
  1. What to Do After a Data Breach: 10-Step Recovery Plan
  2. Step 1: Verify the Breach is Real
  3. Step 2: Determine What Was Exposed
  4. Step 3: Change Passwords on Affected Accounts
  5. Step 4: Enable Two-Factor Authentication
  6. Step 5: Freeze Your Credit (If SSN Was Exposed)
  7. Step 6: Monitor Your Financial Accounts
  8. Step 7: Watch for Targeted Phishing
  9. Step 8: File Official Reports
  10. Step 9: Take Advantage of Offered Services
  11. Step 10: Review and Reduce Your Digital Footprint
  12. Long-Term Monitoring

There were 3,205 publicly reported data breaches in 2025, exposing over 422 million records. If you have more than a handful of online accounts, your data has almost certainly been compromised in at least one breach. The website haveibeenpwned.com, which tracks breaches, shows the average email address appearing in 5-7 different breaches.

A breach notification doesn't mean your life is ruined. It means you need to act methodically and quickly. This 10-step plan covers exactly what to do, in priority order, whether your email, password, Social Security number, or financial information was exposed.

Step 1: Verify the Breach is Real

Before panicking, confirm the notification is legitimate. Scammers send fake breach notifications as phishing attacks — "Your account was compromised, click here to reset your password" — designed to steal credentials from people who are already anxious.

Don't click links in the notification email. Instead, go directly to the company's website and check their security or blog page for breach announcements. Search news sites for the company name plus "data breach." Check haveibeenpwned.com to see if your email appears in the reported breach.
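Why a link in a notification cannot be taken at face value, shown as an added example (not code from IsThisAScam): the script reads a message without opening any link and lists every link that does not lead to the company's own domain over HTTPS. The sample message, the domain acme.example, and the other hosts are constructed placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def under_domain(host, expected):
    """True only for the expected domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def suspicious_links(raw_email, expected_domain):
    """Return (href, reason) for every link that should not be trusted."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        collector = LinkCollector()
        collector.feed(html)
        for href in collector.hrefs:
            url = urlsplit(href)
            if url.scheme != "https":
                findings.append((href, "not https"))
            elif not under_domain(url.hostname, expected_domain):
                findings.append((href, f"host {url.hostname} is outside {expected_domain}"))
    return findings

# Constructed sample; acme.example and the other hosts are placeholder names.
SAMPLE = """\
Subject: Your account was compromised
Content-Type: text/html; charset="utf-8"

<a href="https://acme.example.reset-portal.test/login">Click here to reset your password</a>
<a href="https://acme.example@login.invalid/reset">acme.example/reset</a>
<a href="http://www.acme.example/help">Help</a>
<a href="https://www.acme.example/security">Security notices</a>
"""

if __name__ == "__main__":
    print(*suspicious_links(SAMPLE, "acme.example"), sep="\n")
```

The first two links begin with the company's name yet resolve to other hosts, which is why the comparison is made on the parsed hostname rather than on the text of the URL.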

Step 2: Determine What Was Exposed

Not all breaches are equally dangerous. The severity depends on what data was stolen:

  • Email and password only: Moderate risk — change passwords immediately, especially if you reuse them
  • Email, password, and personal info (name, address, phone): Higher risk — you may be targeted with personalized phishing
  • Social Security number: Severe — freeze your credit immediately
  • Financial information (credit cards, bank accounts): Severe — contact your financial institutions
  • Medical records: Severe — monitor for medical identity fraud

Step 3: Change Passwords on Affected Accounts

Change the password on the breached account immediately. Go directly to the service's website — don't use links from any email. Use a strong, unique password generated by a password manager. If you used the same password on other accounts (we know, most people do), change those too — starting with email, banking, and social media.

Step 4: Enable Two-Factor Authentication

If you haven't already, enable 2FA on the breached account and on every important account. Use an authenticator app (Authy, Google Authenticator) rather than SMS. See our detailed 2FA setup guide for account-by-account instructions.

Step 5: Freeze Your Credit (If SSN Was Exposed)

If your Social Security number was part of the breach, freeze your credit at all three bureaus immediately. This prevents identity thieves from opening new accounts in your name. Follow our credit freeze guide for step-by-step instructions — it takes about 30 minutes and is completely free.

Step 6: Monitor Your Financial Accounts

Check your bank accounts, credit cards, and investment accounts for unauthorized transactions. Set up transaction alerts if you haven't already — most banks allow you to receive notifications for every transaction above a certain amount (even $0, which alerts you to every charge).

Request your free credit reports at annualcreditreport.com and review them for accounts you don't recognize. You're entitled to free weekly reports from all three bureaus.

IsThisAScam's 6-layer detection system can help you identify phishing attempts that follow data breaches — scammers often purchase stolen data and use it to craft targeted phishing emails within days of a breach announcement.

Step 7: Watch for Targeted Phishing

After a breach, expect an increase in phishing attempts. Scammers buy breached data and use your real information (name, address, partial account numbers) to craft convincing messages. Be extra cautious with emails, texts, and calls in the weeks following a breach — even if they reference real details about your accounts.

Step 8: File Official Reports

Depending on the severity:

  • All breaches: File a complaint with the FTC at reportfraud.ftc.gov
  • Identity theft: File an identity theft report at identitytheft.gov — this gives you legal rights and a recovery plan
  • Financial fraud: File a report with your local police department
  • Tax-related fraud: File IRS Form 14039 (Identity Theft Affidavit) and consider getting an IP PIN

Step 9: Take Advantage of Offered Services

Companies that suffer breaches often offer free credit monitoring or identity protection services to affected users. These typically include credit report monitoring, dark web monitoring for your personal information, and identity restoration services. While these don't prevent fraud (freezing your credit does that), they can help you detect problems early.

Read the terms carefully before enrolling — make sure the service doesn't require you to waive your right to participate in lawsuits related to the breach.

Step 10: Review and Reduce Your Digital Footprint

Use this incident as motivation to minimize your exposure to future breaches:

  • Delete accounts you no longer use — every account is a potential breach target
  • Remove saved payment information from sites where you rarely shop
  • Use a dedicated email alias for different categories of accounts
  • Review app permissions and revoke access for apps you no longer use
  • Consider using privacy-focused services where possible

Long-Term Monitoring

Some consequences of data breaches take months or years to appear. Continue monitoring:

  • Check your credit reports quarterly
  • Review bank and credit card statements monthly
  • Monitor haveibeenpwned.com for new breaches involving your email
  • Request your free annual credit reports from all three bureaus
  • Watch for unexpected mail about accounts you didn't open

For more on keeping your accounts safe, see our guides on creating strong passwords and securing your email account.
