What to Do If Your Data Has Been Leaked

by Rowan Guthrie
illustration of a pipe leaking sensitive data

The convenience modern technology provides is only possible because our personal data is stored online beyond the security of our homes.

Read More Legal Articles

Consequently, it’s at risk from criminals if it's not secured.

Get matched with a Pro
in your
area.

Please enter a service.

You Just Received a Notification That Your Data Was Compromised in a Leak. What Steps Do You Need to Take Next?

If you receive this notification, you must remain calm and approach the situation systematically.

Assess the Notification

Ensure the notification is legitimate by verifying its source. Confirm with the company or organization through official channels before taking any further steps.

Carefully read the notification to gather information about the nature of the data leak. Identify what specific personal information may have been exposed, such as your email addresses, passwords, credit card details or Social Security number.

Change Passwords

Change your passwords for the affected accounts. Use a combination of letters, numbers and symbols to create something strong and unique. Consider using a password manager to generate and store complex passwords securely.

If the compromised password was shared across multiple accounts, update those as well to prevent a domino effect of unauthorized access. Additionally, review and update security questions associated with your accounts for an extra layer of protection.

Enable Two-Factor Authentication

Implement two-factor authentication wherever possible. This ensures that even if your password is compromised, access to your accounts requires an additional verification step, usually through a code sent to your mobile device.

Use authenticator apps or hardware tokens for two-factor authentication instead of relying solely on SMS-based codes, as the latter can be intercepted by attackers using SIM swapping or other techniques.

Check Financial Accounts

Monitor your bank and credit card accounts for any unauthorized transactions. If you notice suspicious activity, report it immediately to your financial institution. Consider freezing your credit to prevent unauthorized access to your credit reports.

Review your bank and credit card statements meticulously to identify any unfamiliar transactions. Report discrepancies promptly to your financial institution.

Freeze Your Credit

Contact the major credit bureaus — Equifax, Experian and TransUnion — to freeze your credit. This prevents anyone, including yourself, from opening new accounts using your compromised information.

Although credit freezes are a robust defense against identity theft, it's essential to plan. If you intend to apply for credit in the future, consider temporarily lifting the freeze with a specific credit bureau using the PIN it provided when you froze the account.

Set Up Fraud Alerts

Place fraud alerts on your credit reports. This adds an extra layer of protection by requiring creditors to verify your identity before opening new accounts in your name. Fraud alerts typically last for one year but can be extended for up to seven years.

Extend fraud alerts to various institutions, including banks, credit card companies and other financial entities. This precaution ensures potential lenders or creditors are aware of the compromised status of your personal information.

Monitor Credit Reports

Regularly check your credit reports for suspicious activity. By law, you’re entitled to one free credit report from each of the major credit bureaus annually.

Rotate among the credit bureaus, obtaining one report every four months, to maintain continuous yearly monitoring. Look for any accounts opened without your knowledge, unfamiliar addresses or inaccuracies in personal information.

More Related Articles:

Credit Monitoring Services

Consider subscribing to credit monitoring services. Some companies offer free credit monitoring for a limited period after a data breach. This service provides real-time alerts for any changes to your credit report, helping you detect and address potential issues promptly.

Explore credit monitoring services that supply comprehensive coverage, including monitoring for Social Security number usage, public records and dark web activity. While some services are offered for free, others offer more extensive features for a subscription fee.

Report to Federal Trade Commission (FTC)

File a complaint with the Federal Trade Commission (FTC) regarding the data breach. The FTC provides guidance on recovering from identity theft and offers resources to assist you in navigating the aftermath of a data incident.

Use the FTC's identity theft website to report the incident and create a personalized recovery plan. The site also offers step-by-step guidance, sample letters to send to creditors and additional tools to help streamline the recovery process.

How Do You Keep Your Data Safe From Leaks?

Activate the built-in encryption tools on your computer: FileVault (Mac) and BitLocker (Windows). These encrypt the data on your hard drive, making it unreadable to anyone without access privileges. Only use messaging services with end-to-end encryption, such as WhatsApp and iMessage.

Regularly update your computer programs and apps to benefit from new security updates. When possible, use multifactor authentication, which is built on the principle of using two separate keys to unlock a safe. Finally, stay alert to unusual behavior with your data and respond promptly.

Elocal Editorial Content is for educational and entertainment purposes only. The information provided on this site is not legal advice, and no attorney-client or confidential relationship is formed by use of the Editorial Content. We are not a law firm or a substitute for an attorney or law firm. We cannot provide advice, explanation, opinion, or recommendation about possible legal rights, remedies, defenses, options or strategies. The opinions, beliefs and viewpoints expressed by the eLocal Editorial Team and other third-party content providers do not necessarily reflect the opinions, beliefs and viewpoints of eLocal or its affiliate companies. Use of the Blog is subject to the

Website Terms and Conditions.

The eLocal Editorial Team operates independently of eLocal USA's marketing and sales decisions.