Fraud & Scams

What to Do After a Data Breach

Cameron Huddleston
By 
Cameron Huddleston
  •  
January 29, 2025
Copy Link
URL Copied!
What to Do After a Data Breach

Data breaches have become commonplace. According to the Identity Theft Resource Center, there were 3,158 reported breaches in 2024, with more than 1.7 billion notifications sent to victims.

“We’ve had thousands of breaches and leaks. You’ve had billions of pieces of information released,” says cybersecurity expert Adam Levin, co-host of the What the Hack with Adam Levin podcast. “The information is out there, and a great deal of it is for sale on the dark web. We’re living in a cyber siege state because we are under constant attack.” 

When breaches occur, it's important to know what steps to take if your information has been exposed.

Step 1: Find out if your accounts have been compromised

When large companies experience data breaches, they typically notify customers. However, it sometimes can take weeks or months for notifications to be sent. In the meantime, hackers could be circulating the stolen data on the dark web. That's why it’s a good idea to frequently check if your data has been leaked by using a free data leak checker such as the one provided by Identity Theft Resource Center.

Step 2: Change account passwords

It’s always a good idea to change your account password after a data breach. If you used the same password for other accounts, you’ll need to change those passwords, too. 

Consider using a password manager to generate strong, unique passwords for you. For example, account, credit and identity monitoring service Carefull offers a digital Vault that includes a password generator and stores passwords with military-grade encryption. 

Also, consider getting additional email addresses to segment accounts in order of priority and sensitivity, Levin says. For example, you could use one email address for retail accounts and a different one for financial accounts. Because your email address often is part of your account login credentials, thieves might be able to use it to access your accounts (especially if you don’t have a strong password). Having more than one email account can help lower this risk.

[ See: How to Protect Your Account Passwords ]

Step 3: Use multi-factor authentication

In addition to using strong passwords, Levin recommends getting an extra layer of protection by setting up multi-factor authentication on your accounts. Opt to receive a text message with a code to enter in addition to your username and password when logging into your accounts. 

Better yet, consider downloading an authentication app to use as your multi-factor verification method. Free authentication apps such as Duo Mobile and Google Authenticator create unique passcodes that you’ll need in addition to a password to log into your account and can be an even more secure option than text message codes..

Step 4: Freeze your credit

Keep thieves from using your personal information to open new accounts in your name by freezing your credit. A credit freeze blocks access to your credit reports and sends a message to lenders that they shouldn’t extend new credit in your name because you’re potentially a victim of identity theft. “It should let you sleep a little easier at night,” Levin says.

It’s free and easy to place a freeze on your credit reports at all three of the credit bureaus.You can lift the freeze if you need to apply for credit.  

Step 5: Monitor your accounts, credit and identity

After a data breach, it’s critical to monitor your accounts for unusual activity, Levin says. That’s because not only do the hackers who breached a company’s database have access to your personal and account information, but also they can sell that information on the dark web to other thieves. 

To make it easier to keep constant tabs on your accounts, Levin recommends setting up alerts to be notified of activity on your accounts. To get more comprehensive monitoring, consider a service such as Carefull. It monitors bank, credit and investment accounts 24/7 for unusual transactions, signs of fraud and money mistakes. 

Carefull also provides credit and identity monitoring and up to $1 million in identity theft insurance. Plus, it has Care Agents who can walk you through the steps to take to recover your identity if you become a victim.

Step 6: Install a spam blocker

If phone numbers are accessed during a data breach, thieves can launch smishing attacks—text messages that aim to steal people’s personal information and money, Levin says. So be careful not to click on links in any text messages you receive, even if they appear to come from a reputable company. Instead, contact the company directly to see if there are issues with your account. 

Scammers also can use phone numbers to make spam calls. Cut down on the number of these calls you receive by installing a spam blocker. In addition to account, credit and identity monitoring, Carefull provides spam blocking assistance. Members can select their phone provider and device type and be automatically sent a link to install their provider's preferred spam call blocking application. 

Try Carefull for free for 30 days to protect your finances, credit and identity.

Step 7: Watch out for phishing attacks

When hackers get access to email addresses in data breaches, there tends to be an increase in phishing attacks, Levin says. Be on the lookout for emails that appear to come from legitimate organizations and prompt you to click on links. Those links could include malware or take you to fake websites, where you’ll be prompted to provide your personal or account information.  

To protect yourself, don’t click on any links or attachments in emails—even if those emails appear to come from a trusted source. Contact the company or organization directly to see if it was trying to reach. And if you received an email from friends with a link or attachment, call them to see if they actually sent you an email. Their computer or email could have been hacked, and the hackers could be using their email address to send scam emails.  

Bottom line

The best way to protect yourself against data breaches is to be proactive. You should have protections in place already, Levin says. Don’t wait for a data breach to occur to take the steps listed above. 

[ Keep Reading: What to Do When Your Identity Is Stolen ]

Cameron Huddleston

Cameron Huddleston

Cameron Huddleston is an editor-at-large at Carefull and the author of Mom and Dad, We Need to Talk: How to Have Essential Conversations With Your Parents About Their Finances. You can learn more about her at CameronHuddleston.com or follow her on Instagram at @cameronkhuddleston.

3 Steps to Safer Money,
Try it Free for 30 Days

Step 1

Start your free,
no-risk trial

Step 2

Connect the accounts and cards you want protected

Step 3

Stay alerted to any
unusual activity

Activate your protection
Disclaimer: The information and resources above and within the articles are provided for your convenience through Carefull and should not be considered an endorsement of products, services or information provided, or an assurance of security or privacy provided at the linked site. Bristol County Savings Bank does not own or operate these sites and does not guarantee the accuracy, completeness or timeliness of the information contained therein. We encourage you to review their privacy and security policies which may differ from Bristol County Savings Bank. Bristol County Savings Bank assumes no liability for any loss or damage resulting from any reliance on the material provided.

Related Articles