This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

Here's What To Do After a Data Breach [12 Steps]

Hackers have stolen billions of pieces of personal information through data breaches. Here’s how to protect your identity and finances after a breach.

what to do after a data breach

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.7 stars as of March 2024

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      How Do You Secure Your Identity After a Data Breach?

      Data breaches are one of the biggest threats to your identity and finances. Unfortunately, in 2024, it’s almost guaranteed that at least some of your personal data has been leaked in a data breach.

      AT&T confirmed that passcodes and Social Security numbers of over 7.6 million customers was exposed in a March 2024 breach [*]. These four-digit passcodes are used to verify your identity with AT&T customer support.

      Yet, only 50% of people change their passwords after finding out they were leaked in a data breach [*].

      It can feel overwhelming to try and keep up with the latest data breaches and maintain the security of your personal information and online accounts. But with a few steps, you can ensure that you’re doing everything you can to avoid identity theft, fraud, and online account takeover.

      Here’s what to do as soon as you find out you’ve been the victim of a data breach.

      What To Do After a Data Breach: 12 Steps

      1. Confirm the breach has happened
      2. Find out what sensitive data was stolen
      3. Secure your log-ins, passwords, and PINS
      4. Switch to an authenticator app for MFA
      5. Freeze your credit
      6. File a report with the Federal Trade Commission
      7. Take special steps for healthcare, government, and financial breaches
      8. Carefully consider any free support
      9. Monitor other accounts
      10. Remove your personal information from data brokers
      11. Delete old accounts
      12. Sign up for identity monitoring

      1. Confirm the breach happened (but be cautious of emails)

      Data breaches are often in the news. But the first place you’re most likely to hear that you’ve been affected is in an email from the impacted company. 

      State law mandates that companies need to disclose data breaches. Unfortunately, some hackers use these emails as an opportunity to steal your information even if there hasn’t been a leak. 

      Fake breach emails — known as “phishing emails” — use our fear and emotional response to hacks to get us to act irrationally. A hacker will send an email claiming to be an impacted company and ask you to either:

      1. Click a link (which could download malware to your device and allow them to hack your email). 
      2. Confirm your account details (which will go straight to the hacker). 

      If you get a breach email, don’t click any links or respond to the message as someone could be trying to scam you online.

      Before you take action, confirm the breach by visiting the organization's website or searching the web.

      If the breach is real, you’ll find news alerts online and a data breach notification on the website or your account page. 

      ⚠️ Take action: If scammers gain access to your personal information after a data breach, your bank account, email, and identity could also be at risk. Try Aura’s identity theft protection free for 14 days.

      2. Find out what sensitive data was stolen

      Next, find out what information was stolen. This helps you to understand what types of identity theft you're at risk of and how you can mitigate the damage that hackers can do.

      For example, a cybercriminal can do much more damage with your Social Security number than an unused account username.

      Companies will often notify you of what information was breached in an email, account notification, or FAQ. But what can criminals do with each piece of your data?

      Here are the most common data targets hackers go after and what they can do with them:

      • Email — Thieves can use your email to send spam and attempt to log into other accounts that share the same email. For example, thieves may log into your bank using your Facebook email.
      • Encrypted passwords — Most sites encrypt passwords. But hackers use software to crack weak ones within minutes or hours. Once they have access to your passwords, they’ll try them on as many accounts as possible. (This is why you should never reuse passwords across accounts.)
      • Full name — Hackers use your name to find other  publicly available information about you in your online footprint. With enough information, they can commit identity theft.
      • Phone number — Cybercriminals can use your phone number for spam calls, identity theft, and SIM-jacking. This is where a thief claims your number for their own and receives all your texts and incoming calls.
      • Home address — An exposed address can put you at risk of change-of-address scams, tax fraud, and other forms of identity theft.
      • Credit card numbers — Thieves can use stolen credit card details to pay for goods online or buy gift cards that can’t be traced (a scam called “carding”). This is even if they don’t have your physical card.
      • Social Security number (SSN) — Your Social Security number is perhaps the most vulnerable piece of information a thief can steal. With your SSN, they can commit identity theft, tax fraud, unemployment scams, loan fraud, and much more. (Plus, it's not always possible to change your Social Security number – even after identity theft.)

      Once you know what personally identifiable information (PII) is vulnerable, it’s time to protect yourself.

      📚 Related: How Do Data Breaches Happen? What Can You Do About Them?

      3. Secure your log-ins, passwords, and PINS

      Once you know your data has been compromised, you need to secure your accounts and limit the damage hackers can do. If you’re lucky, you’ll update your information before anyone is able to access your accounts.

      Here’s how to update your passwords to make them more secure:

      • Use unique passwords for each account. If you reuse a password that is compromised in a breach, it can put multiple accounts in danger. Always use a unique password for each account to minimize what scammers can do with your information.
      • Choose a password that is at least 10–12 characters long. Include upper and lowercase letters, numbers, and symbols to make it harder for hackers to crack.
      • Don’t include personal information in your passwords. This includes pet names, family names, or hometown information. Scammers regularly scan your social media profiles and online footprint to find this information.

      To keep track of your new, more secure passwords, consider a password manager. This is a secure tool that records your strong passwords automatically so you don’t have to worry about forgetting them.

      Aura’s included password manager can also warn you if an account has been compromised or if you’re using a weak password that could easily be cracked.

      🧐 Take action: If you accidentally give scammers your personal data (or its leaked in a data breach), they could take out loans in your name or empty your bank account. Try an identity theft protection service to alert you of fraud.

      4. Switch to an authenticator app for 2FA/MFA

      Next, set up two-factor or multi-factor authentication (2FA/MFA) on any account that allows it.

      This is an extra security measure that requires a one-time-use code in addition to your username and password to log into an account. Many people use text messages (SMS) to receive their 2FA code, but this can be compromised by hackers.

      Instead, try using an authenticator app like Google Authenticator or Okta.

      5. Freeze your credit with all three bureaus

      Identity thieves are almost always financially motivated — and the information they steal from a data breach can often give them access to your credit or even your bank account.

      A credit freeze blocks anyone from accessing your credit report. This means that scammers won’t be able to open new accounts or take out loans in your name (and ruin your credit score).

      To freeze your credit, you’ll need to contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion. They’ll ask for proof of your identity and then give you a PIN to be used to freeze or unfreeze your credit.

      Here’s how to contact each of the credit bureaus:

      Experian Security Freeze — P.O. Box 9554, Allen, TX 75013
      Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788
      TransUnion LLC – P.O. Box 2000, Chester, PA 19016
      Why not use a fraud alert?

      A fraud alert requires credit companies to identify you before verifying a credit approval. This can also make it harder for criminals to open new accounts or take out loans in your name. However a fraud alert is only a suggestion — not a requirement. Some lenders will ignore the alert or use verification methods that scammers can easily bypass.

      If you’d like to use a fraud alert, you only need to contact one of the credit bureaus. By federal law, they’re required to notify the other two of your alert.

      Pro tip: Aura lets you lock your Experian credit file with a single click so you can easily keep your credit safe from hackers.

      6. File a report with the Federal Trade Commission (FTC)

      If your personal information is used by criminals, one of the best things you can do is file an identity theft report with the FTC at

      An official FTC report acts as proof of the crime and can be used when disputing fraudulent transactions or clearing your name of other crimes the identity thieves may have committed.

      📚 Related: Is Kroll Identity Monitoring Legit? What You Need To Know

      7. Take special steps for healthcare, government, and financial breaches

      Depending on the type of breach you’ve suffered, there may be additional steps you should take to protect yourself.

      What to do if your healthcare information was leaked in a data breach:

      Healthcare breaches come from hospitals, health insurance or other providers. These leaks can lead to medical fraud or even blackmail.

      Here are a few extra steps to take after a healthcare data breach:

      1. Ask your doctor and health insurance provider for copies of your most recent medical records and benefit statements. Verify each item to make sure someone else isn’t using your benefits.
      2. Contact your health care providers for a list of anyone with whom they’ve shared your information. Look for any unfamiliar organizations, conditions, or insurance claims. Legally, you have the right to request this information once per year, free of charge.
      3. Be cautious of bills for medical procedures you don’t know about. Respond and inform the collector that you may be the victim of identity theft.
      4. Review your Health Savings Account (HSA) and Flexible Spending Account (FSA), if applicable. Make sure thieves have not accessed the funds in these accounts.
      What to do if you’re part of a government or tax-related data breach:

      If a government agency is responsible for the data breach, you might need to take additional steps. This includes breaches from federal, state, or other government agencies, including the military. (Government data breaches can lead to military or veteran fraud).  

      In most cases, the impacted agency should reach out with guidance of what to do. But be cautious of any communication claiming to be from the government, especially emails and texts.

      Another relatively common type of identity theft is tax fraud. This is where a thief uses your data to claim a tax refund in your name. If you receive a letter from the IRS informing you that someone else has filed a tax return in your name, follow the instructions provided in the letter.

      What to do if your financial information was leaked in a data breach:

      If the breach has come through a financial account — like a credit card company or bank — take extra precautions to protect your data.

      1. Call the card issuer, ask them to invalidate your credit card or debit card, and request a new one.
      2. If you see suspicious charges, contact the fraud department at the organization to begin resolving the charges.
      3. You may also need to take steps to help repair your credit after identity theft.

      These steps are important to take on your own, but some additional help may also be available.

      📚 Related: What Is a Data Breach? (And How To Protect Your Data)

      8. Carefully consider the free support

      Many companies offer free services as part of their breach responses. These can include credit report monitoring or other ways of protecting your sensitive data.

      These offers aren’t a guarantee against identity theft or financial harm. And you should still protect yourself from the breach in the other ways we’ve listed.

      Also, take any offer of support with a grain of salt. Companies ultimately need to minimize the damage — and cost — of a data breach. And sometimes accepting their help can limit your options for seeking other damages.

      For example, Equifax offered free credit monitoring after a 2017 data breach leaked data on 143 million US citizens. But some attorneys cautioned that the terms of service included in this "help" could limit you from joining class-action lawsuits against the company in the future [*].

      Either way, save any communication you receive from the company, like emails or letters. This documentation may be necessary later on as you work to protect your information.

      📚 Related: How To Tell If An Email Is From a Scammer [With Examples]

      9. Monitor other accounts for suspicious activity

      Once your sensitive information has been leaked in a data breach, it can lead to other forms of fraud and identity theft. Just because a company says the leak has been resolved, doesn’t mean your data is safe.

      After a breach, be especially mindful of:

      • Suspicious activity on your online accounts and financial statements. This includes credit or debit card charges you don’t recognize or unfamiliar activity in your bank account.
      • Unfamiliar credit inquiries, additional debt, and new accounts in your name. You can request a free credit report from each bureau once a year at Aura can also monitor your credit (as well as your bank and investment accounts) in near real-time to alert you of suspicious activity.
      • Strange calls, emails, texts, or letters. Look for suspicious activity like failed login attempts or collection calls for unfamiliar bills.

      Unfortunately, when we finally see the warning signs of identity theft, it’s often too late.

      That’s why Aura takes care of almost all of these issues for you. With Aura, you get near-real-time credit and identity monitoring, fraud alerts, protection from malware and phishing attacks, and even a $1 million insurance policy for eligible damages resulting from identity theft.

      Take action: Protect yourself from the risks of identity theft and fraud with Aura’s $1,000,000 in identity theft insurance. Try Aura free for 14 days to see if it’s right for you.

      10. Remove your personal information from data brokers

      Once your sensitive information has been leaked, it can spread quickly from Dark Web forums to the public internet where it’s accessible to all.

      Companies called data brokers (also known as “people finder sites”) collect and sell this data to telemarketers and even scammers. Removing your personal information from data brokers not only makes you safer, but can also reduce the amount of spam and scam calls and texts you receive.

      The bad news is that there are hundreds of data brokers in the United States — and manually removing your information from each of them would take weeks or months (and potentially end up with even more of your information being available).

      Instead, an automatic data broker removal service (like what’s included with Aura) can do the work for you. Aura scans data broker lists for your contact information and sends removal requests. If your information is re-added, we’ll send another request to ensure you’re safe and secure.

      Try Aura free for 14 days and get access to our full suite of tools — including automatic data broker removal.  

      11. Delete old accounts

      A data breach can be a good opportunity to clean up your cyber hygiene — the tools and habits you use to stay safe online.

      Here are some areas of your digital life you should consider “cleaning up:”

      • Account security: Are your passwords and accounts safe? Are you using strong, unique passwords and 2FA?
      • Software and operating system updates: Are your devices up to date? Hackers use vulnerabilities in outdated software to hack you.
      • Data protection: Are your data and hard drives encrypted so that hackers can’t gain access to them? Do you have recent backups of your important files in case of a hack?
      • Device and network protection: Are you using antivirus software and a virtual private network (VPN) to protect your devices from viruses and hacking?
      • Email security: Are your email spam filters up to date? Email is one of the main entry points through which scammers will target you.
      • Your digital footprint: How much of your personal information is freely available to scammers online? Fraudsters use social media and other parts of your online footprint to learn more about you.

      📚 Related: What To Do If Your Personal Information Has Been Compromised

      12. Sign up for an identity theft monitoring service

      Some of the most critical tasks for cybersecurity protection are difficult or nearly impossible for humans to do. We can’t spend all day scanning our credit statements, Dark Web archives, and up-to-date breach information.

      That’s why millions of Americans use an identity and credit monitoring service like Aura. Even if you have no idea what to do if your identity is stolen, Aura has your back.

      Aura protects the entire family, including children, who are particularly susceptible to identity theft. 

      It also secures your devices and Wi-Fi network from malware and phishing attacks so you can continue to browse, shop, and use social media while staying safe.

      But what if you suspect a cybercriminal has already taken advantage of your data? 

      📚 Related: Aura vs. LifeLock: What's the best identity theft protection for 2022?

      The Most Recent Data Breaches: Were You Impacted?

      The number of data breaches in 2023 was at all-time high of 3,205 [*]. However, in comparison to 2022, the victims affected were down by 16%.

      Here are the top five most severe data breaches from last year (by victim count):

      1. T-Mobile: Hackers prised names, birth dates, and phone numbers of over 37 million customers [*]. This attack was reported to have happened using a compromised Application Programming Interface (API).
      2. Xfinity: A notice published to the state of Maine indicated that more than 35 million people were affected by this breach [*]. Attackers needled one of Xfinity's Citrix servers to steal sensitive, customer information.
      3. PeopleConnect: Over 20 million TruthFinder and Instant Checkmate customer records were leaked from a backup database [*]. Names, emails, encrypted passwords, and expired password reset tokens were exposed.
      4. Nationstar Mortgage LLC (Mr. Cooper): In a filing with the state of Maine, Mr. Cooper said that hackers stole PII including SSNs and bank account numbers of 14.6 million customers [*].
      5. Progress Software’s MOVEit Transfer: The protected health information of ~11 million individuals were stolen as part of the many MOVEit cyberattacks last year [*]. Flashpoint estimates that 19.3% of all 2023 breaches were due to these MOVEit mass-hacks [*].

      Remember, you can see what data has been leaked by hackers using Aura’s Dark Web Scanner.

      Were You the Victim of a Data Breach? Do This

      If you’ve discovered you’re a victim of identity theft or your data has been leaked after a security breach, what do you do?

      Unfortunately, hackers can move quickly, and even the fastest response to a personal data breach can be too late. Here’s what to do if you believe a criminal has stolen your identity:

      • Secure your accounts. Update your passwords to be more secure. Set up a password manager. Enable 2FA using an authenticator app.
      • File a report with the Federal Trade Commission (FTC). Go to and report the theft. This will provide you with necessary documentation you may need to provide to resolve fraudulent charges.
      • File a report with the police. A law enforcement report can also provide documentation to help you resolve the fraud.
      • Call the impacted organizations and report the fraud. Call the affected companies and ask for the fraud department. Explain you are the victim of identity theft. You can usually reverse charges for credit card fraud and similar types of activity.
      • Freeze your credit and set up fraud alerts. Freezing your credit makes it harder for criminals to get access to your accounts or take out new credit in your name.
      • Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.

      How To Protect Your Private Info From Hackers

      While you can’t take back exposed data, you can protect your data from future breaches. Here’s how:

      Reduce the amount of data you share

      The first and simplest recommendation is to reduce the amount of data you share online. This includes social media.

      Decide carefully before creating new accounts. Consider deleting accounts you don’t use and removing extra account details. These can be forgotten about during a data breach. For example, if you have a credit card on file with a company or website you don’t use very often, remove it.

      Use unique log-in details for each account you create

      One of the best ways to protect yourself in the event of a breach is to make data hard to transfer. Don’t give hackers a skeleton key to your digital life by using the same email address, log-in, and password for every account.

      Instead, use a unique password on each site and consider using different email accounts. For example, you could create one email address for newsletters and social media and another email for financial accounts.

      Every Aura plan includes a feature called email masking, which hides your personal email and reduces your exposure in the case of a data breach. Instead, when you sign up for a new service, Aura creates an alias for your email account. All emails are still forwarded to your inbox, but you don’t have to worry about receiving additional spam or scam emails.

      Use every digital security measure at your disposal (2FA, credit freeze, etc.)

      The final way you can protect your data from third-party breaches is to set up safeguards that thwart even a thief with your data. For example:

      • Two-factor authentication (2FA) makes your accounts much harder to hack, even if a thief has your username and password. Make sure you’re using an authenticator app — not SMS.
      • A credit freeze will decline loans to a thief who impersonates you.
      • Strong antivirus and VPN solution protects your devices against malware and Wi-Fi hacking.
      • Credit and identity monitoring will alert you as soon as anyone tries to use your information without your permission.

      The Bottom Line on Protecting Yourself From Data Breaches

      It feels like there’s very little we can do during a breach. We’ve entrusted our data to a third party, but that organization has betrayed that trust with poor data security and open vulnerabilities.

      And for those who haven’t been victims of a breach, the question is not if a breach will reveal information, but rather when it will happen.

      So stay vigilant. Protect your accounts with unique passwords. And most importantly, use every security measure at your disposal to keep your personal and financial information safe and secure.

      Ready for ironclad identity theft protection? Try Aura 14-days free.

      Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.

      Is this article helpful so far?
      Need an action plan?

      No items found.

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Illustration of a man looking through a magnifying glass with a large question mark on it, indicating close scrutiny
      Identity Theft

      Here's How To Know If Your Identity Has Been Stolen

      Nearly 50% of Americans have experienced identity theft. Here's how to find out if someone has stolen your identity.

      Read More
      June 6, 2023
      Illustration of a checklist being checked off by a person holding a pen

      Victim of Fraud? Follow These 12 Recovery Steps ASAP

      The best thing you can do if you’re the victim of fraud is to act fast! Follow this checklist to secure your accounts and restore your stolen funds.

      Read More
      July 20, 2023

      Try Aura—14 Days Free

      Start your free trial today**