Breach response checklist
What to do after a data breach
If your email, password, phone number, or personal data appeared in a breach, work through the steps below in order. The goal is to stop account takeover first, then reduce fraud and phishing risk.
Do these first
Change reused passwords
Start with the breached account and any account where the same password was reused.
Turn on two-factor authentication
Protect email, banking, social media, cloud storage, and shopping accounts first.
Check account activity
Review recent logins, forwarding rules, payment methods, recovery emails, and connected apps.
Watch for phishing
Expect realistic emails or texts that mention the breached company or exposed details.
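For the "Change reused passwords" step, the script below is an added example, not part of the original checklist. It reads a password manager CSV export and lists which accounts share the breached account's password, then any other reused passwords. The column names (name, url, username, password) and the sample rows are assumptions; adjust them to match your manager's export.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the name,url,username,password columns are an
# assumption about the password manager's CSV format.
SAMPLE_EXPORT = """name,url,username,password
ExampleShop,https://shop.example,alice@example.com,Summer2021!
ExampleMail,https://mail.example,alice@example.com,Summer2021!
ExampleBank,https://bank.example,alice,Xq7#vT2p-unique
ExampleForum,https://forum.example,alice,hunter2hunter2
ExampleCloud,https://cloud.example,alice@example.com,hunter2hunter2
"""

def _key(password):
    # Group by digest so plaintext passwords are never used as dict keys or printed.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def reuse_groups(export_text):
    """Map password digest -> list of account names that share that password."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row.get("password"):
            groups[_key(row["password"])].append(row["name"])
    return groups

def change_order(export_text, breached_name):
    """Return (urgent, other_reuse): the breached account plus every account
    sharing its password, then the remaining groups of reused passwords."""
    urgent, other, found = [], [], False
    for names in reuse_groups(export_text).values():
        if breached_name in names:
            found = True
            urgent.extend(n for n in names if n != breached_name)
        elif len(names) > 1:
            other.append(sorted(names))
    if not found:
        raise ValueError(f"{breached_name!r} not found in export")
    return [breached_name] + urgent, sorted(other)

if __name__ == "__main__":
    urgent, other = change_order(SAMPLE_EXPORT, "ExampleShop")
    print("Change now:", ", ".join(urgent))
    for names in other:
        print("Also reused:", ", ".join(names))
```

The export file holds every password in plaintext, so delete it as soon as the check is done.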
Response by data type
Password exposed
Change it everywhere, use unique replacements, and enable 2FA.
Phone number exposed
Watch for smishing texts and SIM swap attempts. Add carrier account protections.
Financial data exposed
Monitor statements, replace cards if advised, and consider a credit freeze.
Government ID exposed
Use fraud alerts, credit freezes, and official identity theft reporting channels.
Health data exposed
Review insurance statements and explanation of benefits documents for unfamiliar claims.
For the next 30 days
Watch for password reset emails you did not request, unknown logins, new forwarding rules, unfamiliar payment activity, and messages that pressure you to click quickly.
For the long term
Move every important account to unique passwords, keep 2FA on, remove unused accounts, and run a regular digital footprint review.