First: Don't Panic, But Do Act Fast
Data breaches happen constantly — over 3,200 breaches were reported in 2025 alone, exposing billions of records. If your information was part of one, you're not alone, and there are concrete steps you can take right now to protect yourself.
Step 1: Find Out What Was Exposed
Not all breaches are equal. The breach notification should tell you what data was compromised:
- Email + password only: Change that password immediately (and anywhere else you used it)
- Name + email + phone: Watch for phishing attempts using this info
- Social Security Number: This is serious — proceed to credit freeze (Step 4)
- Financial data: Contact your bank/card company immediately
Step 2: Change Your Passwords
Start with the breached account, then change any other account where you used the same or similar password. This is the perfect time to set up a password manager if you haven't already.
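One way to find the "same or similar" passwords from Step 2 is to check a password manager export on your own machine. This is an added example, not part of the original guide. The CSV column names, the sample entries, the `core` and `accounts_to_change` helpers, and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample standing in for a password-manager CSV export.
# Column names are an assumption; real exports differ by product.
SAMPLE_EXPORT = """name,username,password
breached-shop.example,ana@example.com,Sunflower2023!
mail.example,ana@example.com,Sunflower2023!
bank.example,ana,Sunflower2024!
forum.example,ana_k,sunflower2023
streaming.example,ana@example.com,kV9#tq2LmzR!x8
"""


def core(password):
    """Lowercase and drop trailing digits/symbols, so 'Name2023!' and 'name2024' match."""
    p = password.lower()
    while p and not p[-1].isalpha():
        p = p[:-1]
    return p


def accounts_to_change(export_text, breached_name, threshold=0.8):
    """List (account, reason) for entries whose password is the same as,
    or a close variant of, the breached account's password."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    target = next(r["password"] for r in rows if r["name"] == breached_name)
    hits = []
    for r in rows:
        if r["name"] == breached_name:
            continue  # the breached account itself is changed first
        pw = r["password"]
        ratio = SequenceMatcher(None, pw.lower(), target.lower()).ratio()
        if pw == target:
            hits.append((r["name"], "same"))
        elif (core(pw) and core(pw) == core(target)) or ratio >= threshold:
            hits.append((r["name"], "similar"))
    return hits


if __name__ == "__main__":
    for name, reason in accounts_to_change(SAMPLE_EXPORT, "breached-shop.example"):
        print(f"{name}: {reason} password, change it")
```

An export file holds every password in plain text, so keep it off shared or synced folders and delete it as soon as the check is done.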
Step 3: Enable Two-Factor Authentication
Add 2FA to every important account — especially email, banking, and social media. Even if someone has your password, they can't get in without your second factor. Use an authenticator app (like Google Authenticator or Authy) rather than SMS when possible.
Step 4: Freeze Your Credit (If SSN Was Exposed)
A credit freeze prevents anyone from opening new accounts in your name. It's free and takes about 10 minutes:
- Equifax: equifax.com/personal/credit-report-services/credit-freeze
- Experian: experian.com/freeze
- TransUnion: transunion.com/credit-freeze
You'll need to freeze at all three bureaus separately. You can temporarily "thaw" the freeze whenever you need to apply for credit.
Step 5: Monitor Your Accounts
For the next 6-12 months, keep a close eye on:
- Bank and credit card statements for unauthorized charges
- Your email for password reset requests you didn't initiate
- Your credit report for accounts you didn't open (annualcreditreport.com gives you free weekly reports)
Step 6: Watch for Phishing
After a breach, scammers often pose as the breached company to steal even more information. Be suspicious of emails or calls claiming to be from the company, especially if they ask for personal information or payment.
Remember: The breached company should never ask for your password or Social Security number by email or phone. If someone contacts you claiming to be from the company, hang up and call them directly using the number on their official website.