Data Breach: What to Do Immediately if Your Information Is Exposed
Getting notified that your data was exposed in a breach is alarming — but the next 24 hours matter most. This guide walks through the exact steps to take immediately after a data breach: what to change first, how to check what was exposed, and how to protect yourself from the identity theft and account takeovers that follow.
Don't Panic — But Act Fast
Data breaches are increasingly common. In 2025 alone, billions of records were exposed across major companies. If you received a breach notification email, or discovered your information on a site like HaveIBeenPwned.com, your immediate instinct might be to panic — but what you need is a clear action plan. The first 24 to 72 hours after discovering a breach are when attackers move fastest, so the order in which you respond genuinely matters.
Step 1: Identify What Was Exposed
Not all breaches are equal. A breach exposing your email address is a nuisance. A breach exposing your password hash, Social Security number, date of birth, or payment card details is a serious emergency requiring different responses. Before taking action, find out specifically what data was included in the breach.
Read the breach notification carefully — reputable companies are legally required to disclose what categories of data were exposed. Check HaveIBeenPwned.com and enter your email address to see which known breaches include you. If the breached company has a FAQ page about the incident, read it. The categories requiring the most urgent response are: passwords or password hashes, Social Security numbers or national ID numbers, financial account numbers, and date of birth combined with full name and address.
Step 2: Change the Exposed Password Immediately
If your password was included in the breach — even as a hashed value — change it immediately on the affected site. Use a long, randomly generated password that you have never used anywhere else. Our free password generator can create one for you in seconds: aim for at least 16 characters with letters, numbers, and symbols.
Next — and this is critical — identify every other account where you used the same password. This is the most dangerous consequence of a breach: attackers run automated credential stuffing attacks, testing stolen username and password pairs across thousands of sites within hours. If you reused the breached password anywhere, those accounts are at risk too. Change the password on every affected account before attackers get there.
This is exactly why using a different password for every account matters — and why a password manager like NordPass or 1Password is so valuable. When you store every password in a manager, you only need to identify and change the one that was exposed — not hunt through memory trying to remember where you reused it. Both also include built-in breach monitoring that alerts you when your stored credentials appear in known breaches.
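The reuse hunt from Step 2 can be done mechanically against a password manager export. The script below is an added example, not a tool from this site or from any password manager vendor: it lists every account that shares the breached password, flags other reuse groups, and generates a fresh 16-character replacement for each affected account. The CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
import secrets
import string

# Constructed sample of a password-manager CSV export. The column names are an
# assumption; real exports differ by product. Exports are plaintext: delete after use.
SAMPLE_EXPORT = """name,url,username,password
Forum,https://forum.example,alice@example.com,Summer2019!
Email,https://mail.example,alice@example.com,x9$Lm2#qRt7!Zp4w
Shop,https://shop.example,alice@example.com,Summer2019!
Bank,https://bank.example,alice,Tr0ub4dor&3
Streaming,https://video.example,alice@example.com,Summer2019!
Utility,https://power.example,alice,Tr0ub4dor&3
"""

SYMBOLS = "!@#$%^&*()-_=+"

def generate_password(length=16):
    """Random password from the OS CSPRNG with letters, digits and symbols."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:  # redraw until every character class is present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

def find_reuse(export_text, breached_password):
    """Return (accounts using the breached password, other reuse groups).
    Only account names are returned, never the passwords themselves."""
    groups = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        groups.setdefault(row["password"], []).append(row["name"])
    exposed = groups.pop(breached_password, [])
    others = [names for names in groups.values() if len(names) > 1]
    return exposed, others

def rotation_plan(export_text, breached_password):
    """Pair each account that shares the breached password with a fresh unique one."""
    exposed, others = find_reuse(export_text, breached_password)
    return {name: generate_password() for name in exposed}, others

if __name__ == "__main__":
    urgent, later = rotation_plan(SAMPLE_EXPORT, "Summer2019!")
    print("Change now:", ", ".join(urgent))
    print("Also reused, change next:", later)
```
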
Step 3: Enable Two-Factor Authentication
If the breached account does not yet have two-factor authentication (2FA) enabled, enable it now. Even if an attacker obtains your new password in a future breach, they cannot log in without your second factor. Prefer an authenticator app (Google Authenticator, Microsoft Authenticator, Authy) over SMS when available — SMS-based 2FA can be defeated by SIM-swapping attacks, while app-based codes cannot.
Also enable 2FA on your email account if you haven't already. Your email is the master key to your digital life — anyone who controls your inbox can reset every other password you own by clicking "forgot password" on other sites.
Step 4: Handle Financial and Identity Data Breaches Separately
If the breach exposed financial account numbers, Social Security numbers, or similar identity data, you need additional steps beyond password changes.
Contact your bank or card issuer: Report that your account number was exposed. They will issue you a new card number. Monitor your accounts daily for the next 30 days for unauthorized transactions.
Place a credit freeze: A credit freeze prevents anyone — including you — from opening new credit accounts in your name. It is free, reversible, and the single most effective protection against identity thieves opening fraudulent accounts. Place freezes at all three major bureaus: Equifax, Experian, and TransUnion. You can temporarily lift a freeze when you need to apply for credit.
Set up a fraud alert: A fraud alert requires lenders to take extra steps to verify your identity before extending credit. The bureau you contact must notify the others, so you only need to contact one. Fraud alerts are free and last one year.
Consider identity theft protection: Services like LifeLock monitor the dark web, credit bureaus, and financial accounts for signs your identity is being misused. They also provide restoration assistance if theft does occur — particularly useful after a breach involving SSN or financial data.
Step 5: Watch for Follow-On Attacks
A data breach often triggers a wave of targeted phishing attacks. Attackers know your email address, possibly your name and partial account details, and can craft convincing fake emails pretending to be from the breached company. Be especially skeptical of any email in the weeks following a breach that asks you to click a link, verify your account, or re-enter credentials — even if it looks official. Go directly to the company's website by typing the address rather than clicking links in emails.
Also watch for increased spam calls, texts claiming to be from your bank, and calls from strangers offering breach-related assistance. These are all common follow-on attacks that use breach data to seem credible.
Post-Breach Action Checklist
In the first 24 hours: change the breached password, identify reused passwords and change those, enable 2FA on the affected account and your email.
In the first week: check HaveIBeenPwned for other exposures, place credit freezes if financial or identity data was included, set up fraud alerts, and review bank and card statements.
Ongoing: monitor your credit report, consider a password manager audit to eliminate remaining reused passwords, and review which accounts have 2FA enabled.
Recommended Tools
A password manager is the single best tool for preventing breach damage from spreading. We recommend NordPass (zero-knowledge encryption, breach monitoring built in, free tier available) or 1Password for families and teams — both alert you when stored passwords appear in known breaches. For identity theft coverage after a breach involving personal data, LifeLock provides dark web monitoring and restoration support.
See our full security tools guide for more recommendations.