What to do after a data breach or leak: 7 steps

 

A data breach is when an unauthorized third party accesses sensitive or confidential information. Think: login details, Social Security numbers, or financial information. Breaches can stem from cyberattacks, like phishing or malware, but also from insider threats or system flaws.

In contrast, a data leak is usually unintentional, often caused by human error or poor security practices that expose information without a direct attack.

But whether your data was exposed through a breach or a leak, the risks are largely the same, ranging from simply annoying to derailing your life for years. For example, if only your email or phone number are involved, the impact may be limited to spam, scams, or unwanted contact. But if financial details or Social Security numbers are exposed, you could face stolen funds, credit damage, and even identity theft.

Let’s dive into what to do next if your data was in a breach or leak, and how you can protect yourself from the consequences.

1. Confirm if your data was compromised

When a company suffers a data breach, they’re legally required to notify affected customers. But deadlines vary by state, and some companies delay disclosures, leaving people exposed longer than they should. Ideally, you’ll receive a timely breach notification along with resources to help you respond.

But even without an official notice, unusual account activity may signal trouble. That’s why it’s important to check proactively for signs of a data breach instead of waiting for confirmation. If you suspect your data has been exposed, here’s how to confirm your suspicions:

• Check your accounts: Look for weird transactions, password changes, altered settings, or new login alerts. These can all signal unauthorized access following a data breach.
• Review your credit reports: Scan your credit reports for unfamiliar accounts or inquiries, which could mean someone is trying to open credit in your name.
• Watch for suspicious login alerts: Sometimes companies will email you about suspicious account activity. Look into them, but watch out for phishing attempts. Attackers may create a phony login alert to trick you into revealing information that allows them to take over your account.
• Try a data breach checker: Plug your information into a breach detection tool to see if your data has surfaced on the dark web — the hidden part of the internet where leaked data is often posted or sold. Or, get automatic alerts through the Dark Web Monitoring feature included in Norton 360 with LifeLock.

2. Determine what data was exposed

Once you’ve confirmed your information was involved in a data breach, the next step is figuring out what type of data was leaked. Different kinds of data exposure lead to different risks, so knowing what’s exposed helps you take the right precautions.

Let’s dive into some common types of leaked data and how their exposure puts you at risk:

• Personally identifiable information (PII): Exposure of PII, like your full name, address, or birth date can make you a more vulnerable scam target. Scammers can use this information to make their social engineering and phishing attempts more convincing: a phishing email or vishing call that includes your real name and date of birth is much more likely to trick you — or a customer service representative — into believing it’s legitimate. Tools like Norton Genie, an AI-powered scam detector, can help alert you to clever scams.
• Email address: If your email appears in a data breach, you’re likely to see an uptick in spam and phishing messages. Protect yourself by changing your passwords, enabling two-factor authentication (2FA) wherever possible, and watching out for phishing attempts.
• Phone number: Leaked phone numbers can lead to more spam calls or texts and account break-in attempts. They can also put you at risk of phone takeovers by hackers. Protect yourself by reporting spam numbers, securing online accounts linked to your number, and using SIM monitoring features like those included in Norton 360 with LifeLock Advantage.
• Passwords: If your password or account credentials are leaked, you are at heightened risk of account takeovers, especially if you reuse the same password on multiple sites. Once in your account, fraudsters could make purchases using stored payment details, steal gift cards linked to your account, change your login information to lock you out, or harvest additional personal data to target your other accounts.
• Biometric data: Since biometric info like fingerprints, face ID, or retinal scans is permanent and unique, leaks pose serious risks. Criminals may use it to bypass security or pair it with other stolen credentials. If affected, review which devices or accounts use biometrics and strengthen secondary protections like PINs or tokens.
• Credit card details: If your credit card details are exposed in a data breach, you’re at risk of credit card fraud. Protect yourself by monitoring your bank and credit card statements for suspicious activity, freezing your cards, setting up transaction alerts, and reporting any unauthorized charges to your bank immediately.
• Social Security number: This is among the most serious breaches, since an SSN can be used for identity theft and fraud. Place a fraud alert or credit freeze with all three credit bureaus (Equifax, Experian, TransUnion), watch your credit reports for new accounts, and file taxes early to help prevent tax fraud.

3. Secure vulnerable accounts

After a data breach, attackers may try to break into your accounts or lock you out of them. Securing your logins with stronger protections can help you stay in control and prevent further damage.

Here’s how:

• Change your passwords: Update passwords for any accounts tied to the exposed email address or login. If you reused that password elsewhere, update those accounts too.
• Use a password manager: Generate strong, unique passwords for every account and store them in an encrypted password manager so you don’t have to remember them all. This ensures one stolen password doesn’t compromise multiple accounts.
• Set up multi-factor authentication (MFA): MFA requires you to provide two or more verification factors before you can access your accounts. This helps protect you from post-breach threats by adding an extra layer of security, making it significantly harder for unauthorized users to gain access even if they have your password.
• Remove unfamiliar devices: After a data breach, check your accounts for suspicious logins. If you see unfamiliar devices, remove them.
• Protect your SIM card: Scammers can use your personal information to trick your mobile carrier into swapping your phone number to their SIM card, a practice known as a SIM swap attack. This allows them to intercept your calls and texts, including two-factor authentication codes.

Protect your SIM card by setting up a unique PIN with your mobile carrier and getting Norton 360 with LifeLock Advantage to monitor for phone takeovers.

4. Freeze or lock your credit

If highly sensitive information like your Social Security number (SSN) is exposed in a data breach, criminals could try to open new lines of credit in your name. Placing a credit freeze on your credit reports prevents lenders from accessing them, which in turn blocks new credit applications from being processed.

A credit freeze usually isn’t necessary if only less sensitive data, like an email address, was leaked, since that information alone can’t be used to open new lines of credit.

You can also consider a credit lock, a paid alternative that offers extras like credit monitoring alerts or identity theft insurance. It’s also more convenient, since you can lock and unlock access instantly through a mobile app. This is useful if you’re actively applying for credit.

5. Set up fraud alerts

Fraud alerts give lenders a heads-up that you may be a victim of fraud when they run your credit, so they know to take extra care to verify the applicant’s identity. You can set an alert by contacting any major credit reporting agency, and they’ll alert the others automatically.

If you were involved in a breach or suspect you may have been, request the standard one-year fraud alert. If you actually fell victim to identity theft, look into an extended fraud alert, which protects you for seven years.

You don’t have to wait for a lender to verify your identity to find out if someone is using your credit. Subscribe to Norton 360 with LifeLock Advantage to find out as soon as fraudulent activity related to your Social Security number or credit is detected.

6. Monitor your reports

Continue to monitor your reports closely for at least a year after a data breach — potentially longer if you notice suspicious activity throughout the initial year. Keep a close eye on the following reports:

• Social Security statements: Regularly check your My Social Security (My SSA) account for unfamiliar benefits activity or requests.
• Bank statements: Review transactions for unauthorized or unfamiliar charges.
• Credit reports: Pull your report from each bureau and look for unfamiliar accounts or credit checks that could signal fraud. AnnualCreditReport.com now allows you to get free weekly reports from Equifax, Experian, and TransUnion.

Or, make account monitoring easy and convenient with Norton 360 with LifeLock Advantage, which helps you monitor your bank accounts and credit reports, alerting you to suspicious activity.

7. Warn people you know

If your accounts or contact details were exposed in a data breach, attackers may try to use that information to scam your friends, family, or coworkers. They might send phishing emails, suspicious texts, or even impersonate you to trick others into sharing personal data.

To reduce the risk, give your contacts a heads-up so they know to be cautious with unusual messages. Remind them not to click suspicious links, download unexpected attachments, or share sensitive information without confirming it’s really from you. A quick warning can go a long way.

How to protect yourself from future data breaches

No one can fully guarantee protection from a data breach, but good security habits can reduce your risk and limit the damage if one occurs. The key is to protect your accounts, share less information, and stay alert for scams:

• Use multiple email accounts: Use separate email addresses for banking, shopping, social media, and personal use. That way, if one account is breached, the damage is contained.
• Strengthen your passwords: Create unique, complex passwords for every account. A password manager can help you keep track without reusing them. Unique passwords offer real protection against hacking techniques like brute force attacks and credential stuffing.
• Look out for signs of scams: Watch for common phishing red flags like suspicious links, grammar mistakes, or urgent requests for personal info. If you clicked on a malicious link, perform a quick malware scan. Tools like Norton Genie can help you determine if a message or link is legitimate using the power of AI.
• Verify before you click: If something feels off, confirm directly with the company or person using a trusted contact method. This can help you avoid downloading malware or directly sharing sensitive information with an unsafe person.
• Limit information sharing: Only share the minimum personal details necessary, even with legitimate organizations. The less data you share, the less there is to steal.
• Sign up for identity theft protection: Identity theft and data breach protection services help you monitor the dark web for your personal data. Norton 360 with LifeLock Advantage also provides crucial support if you become the victim of fraud, offering up to $100,000 in Stolen Funds Reimbursement.

What should the affected company do after a data breach?

A data breach doesn’t just impact you. The company involved also has a responsibility to act quickly and responsibly. Here are the key steps they should take:

• Contain the breach: Isolate compromised systems or networks to stop the attack from spreading.
• Assess the damage: Investigate what data was accessed, when it happened, and who was responsible.
• Notify anyone affected: Be transparent by informing customers and employees whose data was exposed. Companies should also provide resources and guidance to help people protect themselves.
• Restore their systems: Patch vulnerabilities and repair compromised systems to get operations back on track.
• Enhance security: Ideally, companies should strengthen software defenses, train employees, and implement tighter security protocols to prevent future breaches.

Recent data breach news

Data breaches regularly make headlines, and they impact even the biggest organizations. Here’s what’s been making waves lately.

TransUnion

In August 2025, TransUnion, one of the three major credit reporting companies, confirmed a data breach that exposed nearly 4.5 million customers’ personal information. Hackers stole sensitive data from a third-party application used for customer support. The breach included names, birthdates, and Social Security numbers.

Google, Apple, and Facebook

In what’s being called the largest data breach in history, an infostealer attack targeted Google, Apple, and Facebook. According to Cybernews, the breach exposed 16 billion login credentials across 30 datasets. While some records may be outdated, experts warn that much of the stolen information is fresh and poses a serious threat to users.

Qantas

In June 2025, Australian airline Qantas reported suspicious activity in a third-party customer service platform containing data from about 6 million people. Exposed information included names, email addresses, phone numbers, birth dates, and frequent flyer numbers. The investigation is ongoing.

Belk

In May 2025, Department store Belk suffered an attack by the DragonForce cyber cartel, which claimed to have stolen 156 GB of customer and employee data. The breach disrupted operations, and Belk took nearly a month to notify those affected, prompting two class-action lawsuits. The company has since reinforced its security and offered support to victims.

Experian

In late 2022, attackers exploited a technical flaw that exposed Experian’s consumer credit files. The vulnerability was active for 47 days and allowed attackers to access a person’s full credit report with just their name, address, date of birth, and Social Security number. The company was notified in December 2022, but took a month to inform the public, silently patching the issue instead of disclosing the breach immediately.

Guard your identity after a breach

Once your personal information has been exposed after a data breach or leak, your identity is in danger. In fact, one in three Americans’ Social Security numbers are now at risk for identity attacks due to data breaches.

With Norton 360 with LifeLock Advantage, you get layered protection against the fallout of data breaches and leaks. Help spot bespoke scams using the power of AI, receive alerts if your sensitive data shows up on the dark web, monitor your credit report for unusual activity, and set up bank account monitoring to catch suspicious charges. Plus, if your identity is stolen, you’ll be eligible for up to $1.2 million in potential coverage.

FAQs

What does the FTC recommend data breach victims do after an attack?

The FTC’s advice for what to do after a data breach differs based on the information that was exposed. But generally, it recommends that you check for unfamiliar accounts on your credit report, set up a monitoring service, get identity theft insurance, and place a credit freeze or fraud alert.

Can I sue if my data is breached?

If you can prove that the breach caused you harm or was a result of negligence, you may be able to sue. Consult an attorney to confirm if your data was mishandled and what options you have.

How much compensation can I get for a data breach?

Compensation varies by case and jurisdiction. Sometimes, the payout covers actual losses. Other times, the company offers a split settlement between affected individuals.

What was the biggest data breach in history?

The largest data breach to date targeted tech companies like Apple, Facebook, and Google, exposing 16 billion login credentials.