What to Do After a Data Breach: Step-by-Step Protection Guide (2026)

April 2, 2026
by
Cloaked Team

You just got an email saying a company you use was breached. Your name, email, maybe even your Social Security number could be in the hands of strangers. Now what?

In 2025, the U.S. hit a record 3,322 data compromises, and roughly 278.8 million victim notices were sent out, according to the ITRC's 2025 Annual Data Breach Report. An ITRC survey found that 80% of people had received at least one breach notification in the past 12 months, and 88% of those people experienced a negative consequence afterward, from phishing attempts to account takeovers.

A real example shows why acting fast matters. In 2024, AT&T disclosed two separate breaches that together affected over 100 million current and former customers. The first exposed Social Security numbers, dates of birth, and account details for roughly 73 million people. The second exposed call and text metadata for nearly all AT&T wireless subscribers. The stolen data appeared on dark web marketplaces, and by early 2026, previously encrypted Social Security numbers in the dataset had been fully decrypted by criminals and relisted for sale (Source: FCC AT&T Settlement Announcement, September 2024; reporting by CBS News, April 2024). Anyone who delayed freezing their credit or changing passwords after that first notification was left exposed for months.

Knowing what to do after a data breach may mean the difference between a minor inconvenience and months of dealing with fraud. Here is your data breach checklist, step by step.

Step-by-Step Data Breach Response

A fast, organized data breach response limits how much damage a stolen record can cause. You do not need to do everything at once. Start at step one and work your way down. Each step builds on the one before it.

Step 1: Read the Breach Notification Carefully

Not all breaches are the same. Your first move is to figure out what was actually exposed. Breach notification letters or emails usually tell you which data types were compromised. Look for specifics like:

  • Email addresses and passwords
  • Social Security numbers
  • Credit or debit card numbers
  • Medical records or insurance IDs
  • Phone numbers and home addresses

The type of data exposed determines your next steps. A leaked email address is less urgent than a leaked Social Security number.

Step 2: Change Your Passwords Immediately

Start with the breached account and change its password right away. If you used that same password on any other accounts, change those too. Reusing passwords can turn a single breach into multiple compromised accounts.

Use a password manager to generate and store strong, unique passwords for every account going forward.

Step 3: Turn On Two-Factor Authentication

Adding a second layer of verification makes your accounts much harder to break into, even if someone has your password. Use an authenticator app like Google Authenticator or Authy instead of SMS whenever possible. SMS codes can be intercepted through phone number hijacking attacks like SIM swapping.

Step 4: Freeze Your Credit at All Three Bureaus

If your Social Security number or financial data was exposed, freeze your credit immediately. A credit freeze makes it much harder for anyone to open new accounts in your name. Contact each bureau directly:

  • Equifax: equifax.com/personal/credit-report-services/credit-freeze or 1-888-298-0045
  • Experian: experian.com/freeze or 1-888-397-3742
  • TransUnion: transunion.com/credit-freeze or 1-800-916-8800

A freeze is free, and you can lift it temporarily whenever you need to apply for credit. You can also place a fraud alert, which asks creditors to take extra steps to verify your identity before approving new accounts.

Step 5: Check Your Bank and Credit Card Statements

Go through your recent bank and credit card statements line by line. Look for any charges you do not recognize, no matter how small. Fraudsters may test stolen financial data with small purchases before attempting larger ones.

Set up real-time transaction alerts through your bank's app if you have not already. Early detection is one of the easiest ways to catch unauthorized activity before it escalates.

Step 6: Report the Breach to the FTC

Visit IdentityTheft.gov to report the breach and get a personalized recovery plan from the Federal Trade Commission. The FTC creates a step-by-step action plan based on your specific situation, including pre-filled dispute letters you can send to creditors and credit bureaus. An FTC Identity Theft Report may also give you certain rights under the Fair Credit Reporting Act, such as faster removal of fraudulent information from your credit report.

Step 7: Sign Up for Dark Web Monitoring

When your personal data ends up on the dark web, it can get traded, bundled with other stolen records, and sold to other criminals. Buyers may use it for identity theft, phishing, or account takeovers. The AT&T breach is a clear example: data stolen in 2024 resurfaced in 2026 with previously encrypted fields now fully readable. Breach data does not expire. Dark web monitoring services scan underground marketplaces and alert you when your data shows up, so you can act before someone uses it.

If the breached company offers free monitoring, take it. For ongoing protection, a dedicated service that covers your SSN, email, and financial accounts gives you better long-term coverage.

Step 8: Remove Your Data From Broker Sites

Data brokers collect and sell your personal information, often without your knowledge. After a breach, this data becomes even more dangerous because attackers can combine it with stolen records to build a more complete profile of you. Removing your data from broker sites reduces how much information is available to anyone trying to exploit the breach.

Step 9: Compartmentalize Your Accounts Going Forward

Minimizing the damage from a future personal data breach comes down to one idea: stop using the same email and phone number for everything. When every account shares the same contact info, one breach can expose them all.

Using unique email and phone aliases for each account means a breach at one company stays contained. The compromised alias leads nowhere useful. You disable it and create a new one.
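
To make the containment idea concrete, here is an added example (not code from this article or from any alias service) that derives one email alias per service, traces a leaked alias back to the service it was given to, and rotates it. The `AliasBook` class, the HMAC derivation scheme, and the `alias.example` domain are assumptions made for illustration.

```python
import hashlib
import hmac

ALIAS_DOMAIN = "alias.example"  # assumption: a catch-all domain you control

class AliasBook:
    """Per-service email aliases derived from one secret, with rotation."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._generation = {}   # service -> current generation counter
        self._owner = {}        # alias -> (service, generation)
        self._disabled = set()  # aliases that should no longer receive mail

    def _derive(self, service: str, gen: int) -> str:
        # HMAC keeps aliases unlinkable: without the secret, one leaked
        # alias reveals nothing about the aliases used at other services.
        msg = f"{service.lower()}|{gen}".encode()
        tag = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:12]
        return f"{tag}@{ALIAS_DOMAIN}"

    def alias_for(self, service: str) -> str:
        service = service.lower()
        gen = self._generation.setdefault(service, 0)
        alias = self._derive(service, gen)
        self._owner[alias] = (service, gen)
        return alias

    def trace(self, alias: str):
        hit = self._owner.get(alias.lower())
        return hit[0] if hit else None  # None: alias was never issued here

    def rotate(self, service: str) -> str:
        service = service.lower()
        old = self.alias_for(service)
        self._disabled.add(old)          # the breached alias now leads nowhere
        self._generation[service] += 1   # next derivation yields a new alias
        return self.alias_for(service)

    def accepts(self, alias: str) -> bool:
        alias = alias.lower()
        return alias in self._owner and alias not in self._disabled

def demo():
    book = AliasBook(b"constructed-demo-secret")  # constructed sample secret
    shop, bank = book.alias_for("shop"), book.alias_for("bank")
    source = book.trace(shop)  # constructed case: the shop alias shows up in a breach
    new_shop = book.rotate(source)
    return shop, bank, source, new_shop, book.accepts(shop), book.accepts(bank)
```

Only the alias given to the breached service is disabled and replaced; the alias used at the bank is untouched and cannot be guessed from the leaked one.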

How to Protect Yourself After a Company Data Breach: Long-Term Habits

Data breach recovery does not end after the first week. Staying protected means building a few simple habits:

  • Check your credit reports regularly. You can pull free weekly reports from all three bureaus at AnnualCreditReport.com.
  • Watch for phishing follow-ups. After a breach, scammers often send fake emails pretending to be the breached company. Never click links in unsolicited messages.
  • Screen unknown calls. Breach data fuels scam call campaigns. If you do not recognize the number, let it go to voicemail.
  • Review account permissions quarterly. Disconnect apps and services you no longer use.

Take Back Control After a Breach

What happens after a data breach does not have to be a spiral. Acting fast on the steps above can help limit the damage. Freezing credit, changing passwords, and monitoring for fraud are all free or low-cost.

For long-term protection, Cloaked combines dark web and SSN monitoring, data removal from 130+ broker sites, unlimited email and phone aliases, and $1M in identity theft insurance. Run a free safety scan to see how exposed your data already is, or get in touch to learn more.

FAQs

What is the first thing I should do after a data breach?

Read the breach notification to find out what data was exposed. Then change your password for the affected account and any other account where you used the same password.

Should I freeze my credit after every data breach?

If your Social Security number or financial data was involved, yes. A credit freeze is free and you can lift it whenever you need to apply for credit.

What happens when your personal data is found on the dark web?

Stolen data can get traded and sold to criminals who may use it for identity theft, phishing, or account takeovers. Dark web monitoring alerts you when your information appears so you can take action.

How long should I monitor my accounts after a breach?

At least 12 months, but ongoing monitoring is better. Some fraud attempts happen months or even years after the original breach.

Does filing a report with the FTC actually help?

Yes. The FTC creates a personalized recovery plan and an Identity Theft Report that may give you rights to dispute fraudulent accounts and get them removed from your credit report faster.

How do I stop my data from being exposed in future breaches?

Use unique passwords for every account, turn on two-factor authentication, remove your data from broker sites, and use separate email aliases for different accounts so one breach cannot expose everything.
