Quick facts
- How to check: Visit HaveIBeenPwned.com โ enter your email to see known breaches
- First 48 hours: Change passwords, enable MFA, place a fraud alert with the credit bureaus
- Free credit freeze: Equifax, Experian, and TransUnion must freeze your credit at no charge by law
- SSN exposed? File an identity theft report at IdentityTheft.gov (FTC official resource)
Act within 48 hours โ the window to limit damage is short
When a company reports a data breach, attackers often sell or use stolen credentials within hours. The type of data exposed determines how urgent your response needs to be:
| Exposed data type | Urgency | Priority action |
|---|---|---|
| Email + password | High | Change password immediately; enable MFA |
| Credit card number | High | Call bank to cancel and reissue card |
| Social Security number | Critical | Freeze credit at all 3 bureaus today |
| Name + address only | Low | Monitor for phishing attempts |
| Date of birth + SSN | Critical | IdentityTheft.gov report + credit freeze |
Bottom line: A password exposure is inconvenient. An SSN exposure requires you to act today โ not next week.
Your step-by-step response checklist
Follow these steps in order. Each builds on the last.
Step 1: Confirm what was exposed. The company is legally required to tell you. Check the breach notification email or letter carefully โ it must list what data was compromised.
Step 2: Change your password for that service โ and for any other account where you used the same password. Use a password manager (Bitwarden is free; 1Password costs $3/month) to generate unique passwords.
Step 3: Enable multi-factor authentication (MFA). Go to the account's security settings and turn on text or app-based verification. This makes your account accessible only with your phone, even if someone has your password.
Step 4: Place a fraud alert with one credit bureau. Call Equifax, Experian, or TransUnion โ whichever you reach first. They are required by law to notify the other two. A fraud alert requires creditors to verify your identity before opening new accounts.
Step 5: Consider a credit freeze. A freeze is stronger than a fraud alert. It prevents any new credit from being opened in your name until you lift the freeze. It is free, permanent until you remove it, and does not affect your existing credit cards or accounts.
Bottom line: A credit freeze is the most powerful free tool available to prevent new fraud. It takes about 10 minutes to place at each bureau online.
What to monitor in the weeks after a breach
The immediate steps above protect you in the short term. Set these up for ongoing protection:
- Free annual credit reports: AnnualCreditReport.com (the only FTC-authorized free source) โ check all three bureaus every few months
- Email alerts: Most banks and credit cards offer free transaction alerts via text or app โ turn these on
- Social Security statement: SSA.gov lets you create an account and see if anyone has filed for benefits using your number
- Watch for phishing: After a breach, attackers send fake emails pretending to be the breached company โ do not click links in any email claiming to be about the breach
Bottom line: Change the exposed password, freeze your credit if SSN was included, and set up transaction alerts on your accounts. These three actions cover 90% of your post-breach risk.
