Q: What should I be doing if I was notified of a data breach?
A: Few things can rattle your day like a notification saying your information was exposed in a data breach. These notices — whether they come from a retailer, financial institution or health care provider — aren’t something to ignore.
They’re your early warning system that the personal data you rely on every day may now be in the hands of someone who shouldn’t have it.
Understand what was taken
Start by looking closely at the notice to understand exactly what kind of data was exposed. Not all breaches are created equal. An email address or phone number being leaked is inconvenient but very manageable.
Compromised Social Security numbers, bank account details or medical information are a different thing altogether.
The breach notice should spell out what was accessed and when the incident occurred — critical details that guide your next moves.
If the notice is vague or doesn’t list what was exposed, go to the organization’s website to see if they’ve published more detailed information. Companies often post a more complete explanation online than what’s in the initial notification notice.
Change your passwords
If the affected account uses a password, change it right away, even if the company says passwords weren’t accessed.
Hackers often try to pair stolen emails with previously leaked passwords to see if they can gain access. If you’re using the same password anywhere else, change it on the other sites as well.
This is also a good moment to enable two-factor authentication on all your accounts. It adds a second step to log in, such as a text code or authentication app, which dramatically reduces the value of a stolen password.
Review your financial accounts
If the breach involved any financial data, keep a close eye on your bank and credit card transactions for the next several months.
Fraud often shows up much later, once criminals bundle and resell the stolen information.
Most banks allow you to set up alerts for withdrawals, charges above a certain amount or failed login attempts. These alerts give you real-time insight so you don’t have to manually monitor every line item.
Freeze your credit, if necessary
If your Social Security number or other highly sensitive personal details were exposed, freezing your credit is one of the strongest protective steps you can take. A freeze blocks new credit from being opened in your name until you lift it.
You’ll need to contact all three major bureaus — Equifax, Experian and TransUnion — but it’s free to place or remove a freeze. Just be sure to store the PIN you use in a secure place, as unfreezing your credit will require it.
Take advantage of free monitoring
Most companies involved in a breach will offer free credit or identity monitoring for a period of time. It’s worth accepting, even if you already have some form of monitoring, because different services catch different things.
Stay alert for follow-up scams
Finally, be cautious about follow-up emails or calls claiming to offer help. Scammers know breach victims are anxious and will impersonate the breached company to trick you into handing over even more information. When in doubt, reach out directly through the company’s verified contacts.
A breach notice isn’t good news, but taking a few focused steps can turn a rough situation into a manageable one.
Get breaking news and daily headlines delivered to your email inbox by signing up here.
© 2025 WTOP. All Rights Reserved. This website is not intended for users located within the European Economic Area.
