Skip to content

What To Do If You’ve Been Part of a Data Breach


These days, it seems like data breaches happen so frequently consumers can hardly keep up. Almost every week there are headlines about another company that’s been breached.

What should you do if you have an account with one of these breached organizations, and your information has been exposed?

When you hear about a data breach you think you might be involved in, you should act quickly to secure your digital accounts. This guide covers what kind of information could be exposed in different types of data breaches. It also provides a list of actions to take following a data breach to secure your information.

Types of data breaches

The type of data breach may dictate how you respond. Common types of data breaches and the possible information that could be exposed are:

  • Breaches of banks and financial institutions: This kind of breach could expose banking info such as your credit and debit card numbers or account numbers. It could also expose your name, address, birth date, email address, credit score, payment history, and even your Social Security number.
  • Breaches of medical facilities: If a hospital, clinic, or other healthcare facility experiences a data breach, it could expose your Medicare or insurance policy numbers, medical treatment history, prescription information, billing info such as credit card account numbers, and your Social Security number.
  • Breaches of government agencies: If a government organization is hacked and has a data breach, it could expose your Social Security number or information related to tax payment and voter registration.
  • Breaches of entertainment companies: Video game vendors and event ticketing services are often targets of cybercriminals in the entertainment sector. Hacks of these companies could reveal names, phone numbers, addresses, or banking info. They could also infringe on your privacy, as was the case with the Fortnite hack in 2018.
  • Breaches of educational institutions: Schools and colleges collect personally identifiable information about their students, including names, birth dates, addresses, driver’s license numbers, Social Security numbers, bank account numbers, or university ID numbers.

Steps to take if you were involved in a data breach

1. Confirm the breach occurred

Before doing anything, you should confirm that there was, in fact, a data breach. A common phishing scam is sending out an email that looks like it’s from a company you have an account with, saying there’s been a breach or a problem with your account. It will say you need to click a link to log in. If you get an email like this, never click any links. Instead, contact the company directly or search for news stories to confirm the breach.

2. Scan your computer/device for viruses

It’s possible you may have logged into the breached company’s account before you realized they were hacked. If your information was exposed, hackers may have already tried to use it. Run a malware scan on your computer, smartphone, or any device you use to access the accounts of the hacked company.

3. Determine which information was stolen

Once you know the breach has occurred, you need to figure out which information is potentially exposed. Depending on the type of breach, this information may vary. If it was a healthcare facility, you can probably assume your health info is at risk and start securing it. If you find a news story about the breach or contact the company to confirm, you’ll likely learn what information was exposed.

4. Reset all your passwords

Change the passwords on all your online accounts — even those that you think may not be involved in the breach. If the account uses your email address, name, or any other sensitive information that could identify you, it needs a new password. This is also the chance to strengthen your passwords and use something harder to crack than [email protected] If you don’t already use a password manager, now is the perfect time to start.

5. Review your digital accounts

As you’re going through each of your accounts to change passwords, delete any old accounts you no longer use. The less information about you on the web, the better. If you’re deleting an account that has uploaded files such as documents, photos, or videos, delete all those files from the account first, then delete the account.

6. Contact the hacked company and take further actions

Changing your passwords is a good step, but you may also need to reach out to banks, doctor’s offices, credit bureaus, universities, or whoever has your information to further protect yourself. It may also involve canceling credit cards, putting a freeze on your account, initiating a fraud alert, or asking for copies of medical records.

7. Keep monitoring your accounts

After you’ve reset your passwords and contacted the relevant companies about the breach, your work is still not done. Continue to monitor your accounts for suspicious activity. Be on the lookout for more phishing emails than usual or transactions made in your name.

How do you know if you’ve been part of a data breach?

Reading about a data breach in the news is one way to learn about it, but that’s a little passive. To keep your information secure, you should actively check if you’ve been part of a data breach. has a data breach checker, which will allow you to see if your information has been compromised. All you have to do is enter your email address.

Learning your information is involved in a data breach can feel stressful and overwhelming. As long as you act quickly and take the proper steps to secure your data, you may be able to minimize the damage.

To learn more about data breaches, you can also listen to the Easy Prey podcast episode with Troy Hunt, a web security expert and educator who created the data breach search tool Have I Been Pwned?

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety
Stuart Madnick has been in cybersecurity since 1974 and knows a lot about the costs of cyberattacks.

The Cost of Cyberattacks: Minimizing Risk, Minimizing Damage

Most of us view the internet as a useful and benign tool. But in many ways, it’s…

[Read More]

How to Keep Your YouTube from getting Demonetized

You finally did it–you hit all of the markers for acceptance in the YouTube Partner program, and…

[Read More]

How to Stay Out of Facebook Jail

Many of us have been there before–behind the proverbial bars of social media punishment. We’re left shocked…

[Read More]
Lisa Plaggemier's job is to promote cyber security awareness.

Cyber Security Awareness for Everyone

You can do anything on the internet – shop, bank, meet your future spouse, become famous, and…

[Read More]

Cyberbullying Prevention: What Parents Can Do

It’s very easy for anyone to create a fake online profile and say or do mean things…

[Read More]
Lost iPhone

Lost iPhone? If It’s Missing, Look Up to the Cloud for Help.

Here's an important piece of advice: You need to learn what Find My and can do...

[Read More]