
Got a data breach notice? Here’s what to do next.
If a company tells you your information was leaked in a breach, don’t panic. Follow these steps to protect yourself:
1. Check the company’s official updates
- Every breach is different. Look for details on the company’s website, blog, or social media (like Twitter/X).
- Follow their instructions and watch for new updates.
2. Change your password right away
- Assume your password was leaked and change it immediately.
- If you used the same password elsewhere, change it there too. Attackers routinely try leaked passwords on other sites.
- Pro tip: Use a password manager (like Roboform, PasswordSafe, Bitwarden or 1Password) to create and store strong, unique passwords for every account. They remember complex passwords so you don’t have to.
3. Turn on Multi-Factor Authentication (MFA)
- MFA adds one or more steps to logging in: a code from an authentication app, or a text message if you have no other choice. Even if someone gets your password, they can’t access your account without one of these.
- Best options: Google/Microsoft Authenticator, Authy, or a physical security key (like YubiKey).
- Warning: Never share your MFA code with anyone, even if they pressure you.
4. Freeze your credit (U.S. only)
- A credit freeze blocks thieves from opening accounts in your name. You’ll need to freeze it with all three credit bureaus (Equifax, Experian, and TransUnion).
5. Set up fraud alerts
- Identity monitoring: Alerts you if your info shows up on shady websites.
- Credit monitoring: Tells you if someone tries to borrow money in your name.
- Some companies offer this for free after a breach. You can also sign up for services like Credit Karma or IdentityForce.
6. Watch out for scams
- After a breach, scammers love to send fake emails pretending to be the company. They might:
  - Ask for personal info or money.
  - Urge you to click a link (which could steal your data or infect your device).
- Stay safe: Only trust updates from the company’s official website. Never respond to suspicious messages.
Key takeaways:
✅ Change the leaked password everywhere you used it.
✅ Turn on MFA (2FA). It’s a game-changer.
✅ Freeze your credit if you’re in the U.S.
✅ Ignore urgent messages asking for money or info.