What to Do After a Data Breach: A Step-by-Step Guide

Security Hygiene · 3 min read

Getting an email that says "we recently experienced a security incident" is unsettling, but panic does not help — a clear sequence of actions does. Whether the breach hit a service you use or you discovered your data in a leak, here is a calm, step-by-step guide to limiting the damage.

Step 1: Confirm the breach is real

Breach notifications are a favorite disguise for phishing. Do not click links in the email. Instead, go directly to the service by typing its address yourself, and check their official announcements. When in doubt, treat the email itself as a possible attack. See how to spot a phishing attack.

Step 2: Change the affected password

Log in to the breached account directly and change its password to a fresh, unique, strong one. Do not reuse an old password or a small variation. Generate a new one with the secure password generator.

Step 3: Change that password everywhere you reused it

This is the most important step and the one people skip. If the breached password was reused on other accounts, attackers will try it there — automatically. Update every account that shared that password. If you are not sure where you reused it, this is the moment to stop reusing entirely. See how to stop reusing passwords.

Step 4: Enable two-factor authentication

Turn on 2FA for the affected account and your other important accounts. With 2FA, even a leaked password is not enough for an attacker to get in. See what is two-factor authentication.

Step 5: Check what data was exposed

Breaches vary. Sometimes only email addresses leak; other times passwords, payment details, or personal information do. Read the official notice to understand what was exposed:

  • Passwords exposed? Steps 2 and 3 are urgent.
  • Payment details exposed? Monitor your statements and consider alerting your bank.
  • Personal details exposed (address, ID numbers)? Be alert for targeted phishing and, where relevant, identity-theft monitoring.

Step 6: Watch for follow-on attacks

After a breach, expect a wave of phishing that references it, often impersonating the breached company and urging you to "secure your account" via a fake link. Stay skeptical of unsolicited messages for a while.

Step 7: Learn whether your other passwords leaked

Use the password leak checker to see if other passwords you use appear in known breaches, and rotate any that do. See how to tell if your password was leaked.
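An added illustration of what steps 3 and 7 check, written for this guide and not the site's own leak checker: it assumes a local export of your password vault and simulates the prefix (k-anonymity) style lookup many leak checkers use, with a constructed set of "leaked" hashes standing in for the online service.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault export: (account, password). Not real credentials.
VAULT = [
    ("mail.example", "correct horse battery staple"),
    ("shop.example", "Summer2023!"),
    ("bank.example", "Summer2023!"),
    ("forum.example", "hunter2"),
]

# Constructed stand-in for a breach corpus: SHA-1 hex digests of leaked passwords.
LEAKED_SHA1 = {
    hashlib.sha1(b"hunter2").hexdigest().upper(),
    hashlib.sha1(b"password123").hexdigest().upper(),
}

def range_lookup(prefix):
    """Simulates a k-anonymity range query: return the suffixes of all leaked
    hashes whose first five hex characters match the prefix. A real checker
    fetches this list from a service, so only the 5-character prefix ever
    leaves your device, never the password or its full hash."""
    return {h[5:] for h in LEAKED_SHA1 if h[:5] == prefix}

def is_leaked(password):
    """Hash locally, query by prefix, match the remainder locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[5:] in range_lookup(digest[:5])

def find_reused(vault):
    """Step 3: group accounts by password and report any shared password."""
    by_password = defaultdict(list)
    for account, password in vault:
        by_password[password].append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}

def audit(vault):
    """Return reused passwords, accounts with leaked passwords, and the
    combined list of accounts whose password should be rotated."""
    reused = find_reused(vault)
    leaked = sorted({acct for acct, pw in vault if is_leaked(pw)})
    shared = {a for accts in reused.values() for a in accts}
    return {"reused": reused, "leaked": leaked, "rotate": sorted(set(leaked) | shared)}

if __name__ == "__main__":
    print(audit(VAULT))
```

Every account listed under "rotate" needs a fresh, unique password; those under "reused" are the ones a single breach would expose together.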

How to make the next breach a non-event

Breaches are inevitable; being hurt by them is not. The single change that turns a breach from a crisis into a shrug is unique passwords everywhere. When every account has its own password, a breach exposes exactly one account and nothing else. A password manager makes this practical — on a Mac, Passlock keeps unique passwords offline in the Keychain. Combine that with 2FA, and most breaches become something you fix in two minutes rather than fear.

Save this checklist. The next time a breach notice lands, work through it calmly and you will contain the damage.

Frequently asked questions

What is the first thing to do after a data breach?

Verify the breach is real by going directly to the service rather than clicking email links, then change the affected password to a fresh, unique one and update anywhere you reused it.

Do I need to change passwords on other accounts after one is breached?

Only the accounts where you reused the breached password. If every account has a unique password, the breach is contained to that single account.
