GUIDE · UPDATED 2026-07
What to do after a data breach
A calm, ordered checklist for when your data is exposed — from the FTC's own recovery guidance.
A data breach can feel overwhelming, but a clear action plan helps you protect yourself and limit future harm. The FTC provides straightforward steps for breach response, and you can take additional measures to prevent your exposed information from being sold to data brokers.
Find out what was actually exposed
Start by learning exactly what information the breached company lost. Check any official notice they sent, or contact them directly to ask. Knowing whether your name, email, password, Social Security number, or financial details were compromised determines which next steps matter most for you.
Secure your accounts immediately
- Change passwords for any account affected by the breach, especially email and financial accounts
- Turn on two-factor authentication (or multi-factor authentication) wherever it's available—this adds a critical security layer even if a password is compromised
Monitor for misuse and set up alerts
Watch your financial accounts and statements for suspicious activity. You can access free credit reports to check for unauthorized accounts or changes. If you see actual fraudulent charges or accounts opened in your name, report it at IdentityTheft.gov, where you'll receive a personal recovery plan tailored to your situation.
Consider a credit freeze or fraud alert
If the breach included your Social Security number or financial information, a credit freeze or fraud alert may be warranted. Both restrict access to your credit file and make it harder for someone to open fraudulent accounts in your name.
Opt out of data brokers
Breached data often ends up in data-broker databases for resale. After a breach, opting out of these brokers limits the resale and reuse of your exposed information. This step works best alongside the protections above, not as a substitute for them.