This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

What To Do If Your Data Has Been Breached

If you receive a Dark Web alert or data breach notification, you should act quickly to freeze your credit, update passwords, and look for signs of fraud

If you receive a Dark Web alert or data breach notification, you should act quickly to freeze your credit, update passwords, and look for signs of fraud

Illustration of a strong arm forcefully breaking through a secure lock, symbolizing a data breach

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.6 stars as of Sept. 2024

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      What Can You Do To Stay Safe After a Data Breach?

      Data breaches are among the biggest threats to your identity and finances. Unfortunately, in 2024, it’s almost guaranteed that at least some of your personal data has been leaked in a data breach.

      In April 2024, the hacking group USDoD stole and leaked 2.7 billion personal records from National Public Data — including names, addresses, birthdates, Social Security numbers (SSNs), and phone numbers from victims in the United States, Canada, and the United Kingdom [*].

      How you should respond to a data breach depends on the type of data that has been stolen. But, as soon as you realize you’re a victim, these are the first steps you should take:

      • Freeze your credit with the three major credit bureaus (Experian, Equifax, and TransUnion)
      • Update all passwords, and enable two-factor authentication (2FA)
      • Check your bank statements and free credit reports for signs of fraud
      • Cancel any leaked accounts, and get new credit and debit cards
      • Stay alert and be on the lookout for signs of fraud

      Here’s what else you can do to stay safe and protect your identity:

      {{show-toc}}

      What You Should Do If Your Data Has Been Breached

      1. Look for a data breach notification from the impacted company

      All U.S. states and territories have legislation that mandates the disclosure of data breaches once they are discovered [*]. However, many companies don’t recognize and report breaches until months after they’ve happened. 

      If you receive a data breach notification from a company, you can assume any leaked information is available to anyone on the Dark Web

      Here’s what IdentityTheft.gov suggests you do, depending on what information was leaked:

      Type of sensitive information
      What to do
      Passwords and login details
      Update all impacted accounts with strong passwords and two-factor authentication (2FA). If you reuse passwords across accounts, make sure you update all of them.
      Credit card or bank account numbers
      Contact your bank or credit card company to cancel your cards and request new ones. Continue to monitor your statements for signs of fraud. (You can request free credit reports every week from AnnualCreditReport.com).
      Personal identifiers, such as your SSN
      Freeze your credit with all three major bureaus, and regularly check your credit reports for suspicious activity. You should also be cautious of anyone calling you claiming to be from the Internal Revenue Service (IRS) or other government agencies.
      Your child’s information
      Contact the major credit bureaus and request a credit freeze on behalf of your child. Carefully review any credit reports in your child’s name for signs of fraud.
      Driver’s license
      Contact your nearest Department of Motor Vehicles (DMV) and report your lost or stolen driver’s license.

      Pro tip: Not sure how much of your sensitive information cybercriminals have stolen? Use Aura’s free Dark Web scanner to check what information has been exposed in recent data breaches. 

      2. Freeze your credit with all major credit bureaus

      A credit freeze blocks anyone from accessing your credit report. This means that scammers won’t be able to open new accounts or take out loans in your name (and ruin your credit score).

      To freeze your credit, you must contact each of the three major credit reporting agencies individually. They'll ask for proof of your identity and give you a PIN to freeze (and unfreeze) your credit.

      Here’s how to contact the credit bureaus:

      Experian
      Equifax
      TransUnion
      1-888-397-3742
      1-800-685-1111
      1-888-909-8872
      Experian Security Freeze — P.O. Box 9554, Allen, TX 75013
      Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788
      TransUnion LLC – P.O. Box 2000, Chester, PA 19016

      Identity thieves may try to bypass credit freezes by using your personal information to impersonate you with businesses that rely on alternative reporting agencies. 

      These lesser-known agencies — such as Innovis or LexisNexis — can be used by companies for screening purposes regarding employment, tenancy, new financial accounts, and credit-related applications like Payday loans. 

      The Consumer Financial Protection Bureau (CFPB) has a list of consumer reporting agencies. To protect yourself, freeze your credit files with these smaller bureaus, too.

      Why not use a fraud alert?

      A fraud alert requires credit companies to identify you before verifying a credit approval. This added layer of security makes it harder for criminals to open new accounts or take out loans in your name. However, a fraud alert is less secure than a freeze because some lenders ignore the alert or use verification methods that scammers can easily bypass. 

      3. Update your passwords, and enable 2FA

      Once you know your data has been compromised, you need to secure your accounts and limit the damage that hackers can do. 

      How to create secure passwords: 

      • Make them unique. Use different passwords for every account. If you reuse a password that is compromised in a security breach, it can put multiple accounts in danger.
      • Make them complex. Combine uppercase and lowercase letters, numbers, and symbols to create hard-to-guess passphrases. 
      • Make them long. Aim for at least 13 characters to protect against brute force attacks. A password manager makes it easier to create and store long, unique, and complex passwords for every account.
      • Back them up with 2FA. Enable two- or multi-factor authentication (2FA/MFA) on every account that allows it. This security measure requires a secondary authentication method to access your accounts — such as a one-time use code or biometric elements (fingerprint or facial scan).
      Pro tip: Many people use text messages (SMS) to receive their 2FA codes, but hackers can compromise this method by taking over your phone number via a SIM swap scam. Instead of SMS codes, try using an authenticator app like Google Authenticator or Okta.

      4. Check your bank statements and free credit reports for signs of fraud

      If scammers have used your leaked data to take out loans or open accounts, it should appear on your credit reports. Every American is entitled to free credit reports from all three bureaus each week by visiting AnnualCreditReport.com

      Go through your credit reports and look for suspicious accounts, inquiries, and charges. Next, do the same with your bank statements. If you notice signs of fraud, immediately contact your bank or financial institution — they can put a fraud alert on your account and help you dispute fraudulent charges.

      📚 Related: Do Banks Refund Scammed Money? (How To Dispute Fraud)

      5. Cancel any leaked accounts, and get new credit and debit cards

      Depending on what financial information was stolen, you may need to replace your credit and debit cards. You should also cancel any accounts that were compromised in a data breach.

      • To cancel and replace credit or debit cards: “Lock” your cards by using your online banking account or mobile bank app. If this isn’t an option, contact your bank’s fraud department by calling the number on the back of your card. Make sure to update your credit card numbers (or other payment methods) for any recurring bills.
      • To cancel compromised financial accounts: Contact any lender or provider through which your account information was leaked, explain what happened, and ask to cancel your account. If you’re having problems disputing fraud or closing fraudulent accounts, you can file a CFPB complaint online. 

      6. Carefully consider the help offered by breached companies

      Many companies offer free services in the wake of a data breach — such as credit report monitoring or identity monitoring. 

      Be sure you know what you’re getting into before signing up for these services. 

      • Free services are often severely limited. Companies ultimately need to minimize the damage and cost of a data breach and may provide only one-bureau credit monitoring — or identity theft protection services that are inferior to other paid options. 
      • Accepting help may limit your ability to be a part of class action lawsuits. For example, Equifax offered free credit monitoring after a 2017 breach leaked the data of 143 million U.S. citizens. However, some attorneys cautioned that the terms of service included in this type of "help" could limit victims from joining class-action lawsuits against the company in the future [*].
      🏆 Aura’s award-winning protection is a better option. Every Aura plan includes #1-rated identity theft protection and credit monitoring services, Dark Web monitoring, data breach notifications, advanced digital security tools, 24/7 U.S.-based support and up to $5 million in insurance coverage. Try Aura free for 14 days.

      7. Stay alert, and look for signs of scams

      Whenever your personal data is exposed, it makes you a more attractive target for scammers, hackers, and fraudsters. 

      After you’ve been part of a data breach, be on the lookout for: 

      • Suspicious account activity. If an online account looks different or is acting strangely, it may have been hacked (or your device could be infected with malware). Make sure you have access to all of your most important accounts. 
      • Unfamiliar financial accounts or changes. Any unfamiliar withdrawal or change to a financial account should be a cause for concern. Don’t wait to report them either, as your liability for losses can change depending on how long you wait to contact your financial institution.
      • Strange calls, emails, texts, or letters. Fraudsters may use information available on the Dark Web — such as your SSN or Medicare number — to trick you into thinking their correspondences are legitimate. Slow down, and look for the signs of a phishing scam

      📚 Related: Aura vs. LifeLock Comparison and Showdown: Which One Is Better?

      What To Do If Your Leaked Data Was Used By a Criminal

      If someone illegally uses your leaked data, you are the victim of identity theft. Along with the steps described above, you can minimize the damage by making sure you do the following:

      • File a report with the Federal Trade Commission (FTC). Go to IdentityTheft.gov and report the crime. The FTC will provide you with an official identity theft affidavit and personalized recovery plan to help mitigate the impact of fraud.
      • File a report with the police. A law enforcement report can also provide documentation to help you resolve the fraud.
      • Call the impacted organizations and report the fraud. Call the affected companies and ask for the fraud department. Explain that you are the victim of identity theft, and ask to reverse charges and close any fraudulent accounts. You may need to supply a police or FTC report in order for them to comply.
      • Claim your account with the Social Security Administration (SSA), and “Self Lock” your SSN. You can create a my Social Security account at www.ssa.gov to claim your account before someone else does. The SSA also offers a "Self Lock" service that helps prevent scammers from using your SSN to gain illegal employment. 
      • Request an Identity Protection PIN from the IRS. To protect against fraudulent tax returns, the IRS can assign you a secret six-digit number, which you can use to verify your identity when filing your taxes. You can request an IP PIN by visiting the IRS.gov website.
      • Regularly check your credit report and bank statements. Scammers are almost always after financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts that you don’t recognize. 

      {{show-cta}}

      How To Protect Yourself Against Data Breaches

      While you can't undo a previous data breach, you can lower your risk of exposure in future breaches. 

      Here’s how to protect yourself:

      • Reduce the amount of personal data that you share. Don’t give away your information to scammers. Limit what you share online and on social media, remove contact information from Google search results, and carefully consider all future photo and location sharing. 
      • Use unique passwords for each account. Data breaches regularly leak passwords. When you use unique passwords for every account, you minimize the damage that hackers can do. 
      • Use every digital security measure at your disposal. The more layers of security protecting your accounts, the better. Aura comes with a full suite of cybersecurity tools, including powerful antivirus software, a military-grade virtual private network (VPN), password manager, and more. 

      Data breaches can catch you off guard. But with Aura, you’ll be warned in near real-time about new breaches and receive alerts when your personal information appears on the Dark Web. 

      Plus, every account includes #1-rated identity theft protection, three-bureau credit monitoring with the industry’s fastest fraud alerts3, digital security tools for all of your devices, 24/7 U.S.-based support, and up to $5 million in identity theft insurance

      Don’t Let Data Breaches Ruin Your Life. Try Aura free for 14 days.

      Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.

      Is this article helpful so far?
      Yes
      No
      Skip
      Need an action plan?

      No items found.
      Is your child ready for a cell phone? Take this quiz to find out.
      Start Quiz

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Illustration of a man looking through a magnifying glass with a large question mark on it, indicating close scrutiny
      Identity Theft

      Here's How To Know If Your Identity Has Been Stolen

      Nearly 50% of Americans have experienced identity theft. Here's how to find out if someone has stolen your identity.

      Read More
      June 6, 2023
      Illustration of a checklist being checked off by a person holding a pen
      Fraud

      Victim of Fraud? Follow These 12 Recovery Steps ASAP

      The best thing you can do if you’re the victim of fraud is to act fast! Follow this checklist to secure your accounts and restore your stolen funds.

      Read More
      July 20, 2023

      Try Aura—14 Days Free

      Start your free trial today**