Seven Things to Do Right Away If You're a Victim of a Data Breach
In today's digital age, data breaches have become all too common and leave unsuspecting consumers vulnerable to a host of identity theft issues.


Donna LeValley
In today's digital age, data breaches have become all too common and leave unsuspecting consumers vulnerable to a host of identity theft issues. From AT&T to National Public Data, no industry seems to be safe from determined hackers. Last year alone, 17 billion records were exposed in reported data breaches, according to Flashpoint.com, a Washington, DC based cybersecurity risk management firm.
If you've been notified by your credit card company, a retailer you visit often or another trusted source that your sensitive information has been compromised, you'll need to act fast. Taking action within the first 48 hours is the difference between stopping identity thieves dead in their tracks or having them wreak havoc on your financial life for months to come, suggests Carrie Kerskie, president of Kerskie Group LLC, a Naples, Fla.-based company that helps identity fraud victims recover.
We've combed through our archive of tried-and-true advice, spoken with industry experts, and reviewed the Federal Trade Commission's consumer tips to find out what steps you should take immediately after discovering you're a data breach victim. Here's where to start.

1. Find out what information was compromised
Discovering that your sensitive personal information has been compromised can be scary. Even still, that's not an excuse to let panic stop you from taking the appropriate measures before it's too late. First, you'll want to find out what information was compromised, says Andrew Schrage, co-owner of the personal finance blog MoneyCrashers.com. This step is vital, because depending on the type of information that was exposed you may need to address it more urgently.
For example, in 2024 the UnitedHealth Group cyberattack at its Change Healthcare unit data breach included Social Security numbers, credit card data, bank account numbers, medical record numbers, providers, diagnoses, medicines, test results and more. An identity thief using your Social Security number to open new lines of credit can be detrimental to your credit history for months afterwards. In this scenario, you would want to immediately notify the major credit bureaus, your credit card provider, and your bank. But a data breach that exposes only phone numbers and e-mail addresses isn't nearly as severe and wouldn't warrant an immediate response.
If you are unsure about the appropriate course of action, go to the Federal Trade Commission's (FTC) IdentityTheft.gov/databreach website for recommendations on how to proceed based on the type of personal information that was exposed in any particular breach.

2. Change your passwords
Armed with your sensitive personal information, it may not take skilled hackers long to figure out the password to your e-mail or bank account — especially if it's something as simple as your birthday or pet's name. That's why you should change the passwords to all of your pertinent accounts as soon as possible.
To avoid having to remember a long list of online passwords, use a password manager. We often recommend LastPass, which uses a browser extension to store multiple account passwords and encrypts that information. To help make it easier, you'll only need to remember the LastPass password rather than a long list of passwords. The service includes a multifactor authentication login process. This means in addition to inputting your "master" password, you'll have to input a special code sent to a secondary device (such as a text message to your smartphone) before the login process is complete.
LastPass offers several different plan types including a free version. Their premium plans, which range in price from $3 to $7 per month, are available for personal or business use and include encrypted file storage.

3. Sign up for transaction alerts
To help prevent further fraudulent activity, be sure to sign up for transaction alerts for your bank and credit card accounts. In doing so, you'll be notified by e-mail or text message whenever there's a new charge to your account.
Be sure to set up the notifications for the lowest transaction amount possible. That's because crooks will test accounts with small charges first before making larger ones. If you start to see charges you don't recognize, contact your bank or card issuer immediately.

4. Initiate a fraud alert
For an added layer of protection, consider placing a fraud alert on your credit reports. (You can request a fraud alert if you've been a victim of a data breach or if your wallet, Social Security card or other form of personal identification has been lost or stolen, according to the FTC.) A fraud alert requires a business or financial institution to verify your identity first before issuing a new line of credit. It's free and remains active for one year. If necessary, you can even renew it.
- How to do it: Contact one of the major credit bureaus and request a fraud alert on your credit report. Each credit bureau is required to notify the other bureaus about the alert. Make sure your most recent contact information is on file.

5. Freeze your credit
If you want to lock down your credit even more, put a freeze on your credit (also referred to as a security freeze). With a freeze, potential new creditors aren't even able to access your credit history to determine if you're eligible for a loan or new credit card. When the time comes to lift the freeze — say, you're looking to purchase a home or buy a car — you can do so temporarily and reinstate the freeze later.
A credit freeze is free. To get started, you'll need to contact all three major credit bureaus (Equifax, Experian and TransUnion). The quickest way to do this is over the phone or online. You'll want to have your Social Security number, birth date and home address handy, because you'll be asked to supply this information to help verify your identity.
Managing a security freeze is simple, and in most cases you can do it on your own, Griffon Force's Kerskie notes. On Equifax.com, for example, you can log into your account to set up a freeze, lift it temporarily or cancel it.

6. Monitor your credit report
Chances are, you'll be on high alert in the weeks and months after your sensitive personal information has been compromised in a data breach. This is the time to be extremely vigilant and keep a close eye on your credit report. Doing this will help you flag any suspicious activity as soon as it happens.
There are several sites and online services where you can get a free copy of your credit report on a weekly, monthly or annual basis:
AnnualCreditReport.com: This is the only place where you can request a complete report from all three major credit bureaus annually. The report will be dense with text, and the level of detail can be overwhelming.
CreditKarma.com: Register to get weekly, comprehensive updates on your Equifax and TransUnion credit reports. The site also provides financial calculators and other resources to help you better understand your credit history.
Experian: You'll have to register and create an account on their website to receive a free updated Experian credit report every 30 days. You can also get notification alerts to help identify potentially fraudulent activity.
Also, don't underestimate the importance of carefully examining your banking and credit card statements, advises Kimberly Palmer, a personal finance expert for NerdWallet.com. "Sometimes the first sign of identity theft is an erroneous charge on a monthly statement," she says.

7. Beware of phishing scams
E-mail addresses and phone numbers are often included in data breaches. For example, contact information for 3 billion people was exposed in the National Public Data data breach this year. Armed with this information, crooks can target unsuspecting victims with e-mails, text messages or phone calls aimed at tricking them into divulging more personal information — or even collecting money. In many cases, they'll pose as official representatives of a financial institution or a federal government agency. They may try to pressure you on the spot into making a payment for an overdue bill or threaten legal action.
It's important to remember that a federal government agency, such as the IRS, won't ever call you and request payment of any sort over the phone. The IRS always sends notification via snail mail if there's a legitimate situation that needs to be addressed.
With potential e-mail scams, don't click on any links or open attachments that look suspicious. Doing so could infect your computer or smartphone with malware, allowing scammers to gain access to your device without your knowledge.
Lastly, never authenticate yourself over the phone when contacted by someone you aren't sure is who they say they are. If you're doubtful, look up the phone number for the institution this person is claiming to represent, and call it to see if it actually contacted you.
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.

Browne Taylor joined Kiplinger in 2011 and was a channel editor for Kiplinger.com covering living and family finance topics. She previously worked at the Washington Post as a Web producer in the Style section and prior to that covered the Jobs, Cars and Real Estate sections. She earned a BA in journalism from Howard University in Washington, D.C. She is Director of Member Services, at the National Association of Home Builders.
- Donna LeValleyRetirement Writer
-
Don’t Miss Apple and Walmart Back-to-School Tax-Free Holiday Savings this Summer
Sales Tax Select states host sales tax holidays during the summer; here’s what you can purchase.
-
The Rule of Retirement Inversion
The rule of retirement inversion says that to have a great retirement, you must ask yourself what would ruin a great retirement — and then plan to avoid it.
-
The Five Best Side Hustles for Retirees
More older people are working in retirement to boost income and stave off boredom. These gigs and hustles make the most sense for the golden years crowd.
-
TSA’s New Family Lanes Aim to Take the Stress Out of Summer Travel
The “Families on the Fly” campaign introduces family-friendly security lanes and discounted TSA PreCheck fees — just in time for peak travel season.
-
From Piggy Banks to Portfolios: A Financial Planner's Guide to Talking to Your Kids About Money at Every Age
From toddlers to young adults, all kids can benefit from open conversations with their parents about spending and saving. Here's what to talk about — and when.
-
Retirement in the Age of Cyber Scams: How To Protect Your Next Chapter
Retirement is meant to be a time of relaxation and living life on your terms. But for many retirees, this dream is under threat from a growing epidemic — cyber scams.
-
Heat Wave in Europe: What Every Traveler Needs to Know
Record-breaking summer temperatures, wildfires, and travel disruptions — they’re reshaping summer 2025 trips. Here’s how to stay safe, prepared and savvy.
-
You'll Kick Yourself in the Fall if You Don't Make This Savings Move Now
Inflation will likely prevent the Fed from cutting rates until the fall. However, does a long-term CD provide enough of a return to outpace climbing prices?
-
Spot Heat Exhaustion in Your Pet Before It Costs Them — and You
Heat strokes aren't just for humans. The signs of heat exhaustion in pets can be harder to spot, but just as deadly.
-
A Financial Planner's Guide to Unlocking the Power of a 529 Plan
529 plans are still the gold standard for saving for college, especially for affluent families, though they are most effective when combined with other financial tools for a comprehensive strategy.