Guides · Dec 4, 2025 · 8 min read

What to Do When You Get a Data Breach Notification (Step-by-Step Guide)

Got a breach notification? Here's exactly what to do in the next 24 hours to protect yourself. Practical steps anyone can follow.

Introduction: The Moment You Get That Breach Alert

Your phone buzzes.
"Your data was exposed in a breach."

Now what?

Most people panic, ignore it, or don’t know what to do.
Here’s exactly what to do in the next 24 hours.


First: Don’t Panic (But Don’t Ignore It Either)

Data breaches are extremely common:

  • 3.2 billion accounts were breached in 2023 alone
  • The average person has been in 3–7 breaches
  • Most people don’t know about half of them

This is not a personal attack.
It’s normal — but it is something you need to address immediately.


What Actually Happened

When you get a breach notification, it means:

  • A company you used got hacked
  • Hackers accessed their database
  • Your information was included

Common exposed data:

  • Email addresses (almost always)
  • Passwords (hashed or plaintext)
  • Usernames
  • Full names
  • IP addresses
  • Dates of birth
  • Phone numbers
  • Physical addresses
  • Credit cards (rare, but possible)

The notification will tell you what was exposed.
Read it carefully.


Step 1: Identify WHICH Breach (5 minutes)

Go to https://haveibeenpwned.com

  1. Enter your email.
  2. Review all breaches associated with it.

You’ll see:

  • Services breached
  • Dates
  • What data was exposed
  • Total accounts affected

Example:

LinkedIn (2021)

  • 700M accounts
  • Exposed: Emails, names, phone numbers, job titles

Do this for:

  • Your main email
  • Old emails
  • Work email
  • Any email you've ever used

Step 2: Assess the Damage (10 minutes)

Not all breaches are equal.

Low Severity (annoying, not dangerous)

  • Only email exposed
  • No passwords
  • No personal data

Action: Monitor for spam.


Medium Severity (act within 24 hours)

  • Passwords exposed (even if hashed)
  • Personal info (name, phone, address)

Action: Change passwords within 24 hours.


High Severity (act immediately)

  • Plaintext passwords
  • Credit card numbers
  • Social Security Number
  • Banking details

Action: Change passwords NOW. Freeze credit. Notify bank if needed.


Step 3: Change Your Password (15 minutes)

For the breached service:

  1. Log in
  2. Go to Settings → Security
  3. Change password immediately
  4. Enable 2FA

Strong password rules:

  • At least 16 characters
  • Mix of symbols, numbers, letters
  • Completely unique

Bad example: Summer2024!
Good example: K9$mPq2#vL8@nX4&wR7!cF1

Use a password manager (1Password, Bitwarden).


Change passwords for ANY service using the same password

This is critical.

Hackers will attempt credential stuffing: trying your leaked email and password on other services.

How to find reused passwords:

  • Check your password manager
  • Think about accounts created during the same period
  • Common risky overlaps: email, banking, social media, shopping

Change all reused passwords.
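
One way to run the password-manager check above, as an added Python example (not part of the original guide). It assumes a CSV export with the columns `name`, `login_username` and `login_password`; the sample rows and service names are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export. The column names
# are assumptions; pass the ones your manager's export actually uses.
SAMPLE_EXPORT = """name,login_username,login_password
ExampleForum,me@example.com,Summer2024!
ExampleBank,me@example.com,Summer2024!
ExampleShop,me@example.com,K9$mPq2#vL8@nX4&wR7!cF1
ExampleMail,me@example.com,Summer2024!
OldBlog,me@example.com,
"""


def find_reuse(export_text, name_col="name", pw_col="login_password"):
    """Return groups of service names that share one password."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get(pw_col) or ""
        if not password:
            continue  # entry has no stored password
        # Group on a digest so plaintext never becomes a key or gets printed.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].append(row[name_col])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def change_first(export_text, breached_service, **cols):
    """Services sharing a password with the breached one."""
    for names in find_reuse(export_text, **cols):
        if breached_service in names:
            return [n for n in names if n != breached_service]
    return []


if __name__ == "__main__":
    for names in find_reuse(SAMPLE_EXPORT):
        print("Shared password:", ", ".join(names))
    print("Change first:", change_first(SAMPLE_EXPORT, "ExampleForum"))
```

A CSV export holds every password in plaintext, so delete the file as soon as the check is done.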


Step 4: Enable Two-Factor Authentication (10 minutes)

What is 2FA?

Even if someone has your password, they can’t log in without a second code.

Enable 2FA on:

  • Email (MOST IMPORTANT)
  • Banking
  • Social media
  • Breached service
  • Any sensitive accounts

Choose app-based 2FA (recommended):

  • Google Authenticator
  • Authy

Why not SMS?
SMS can be intercepted through SIM swapping.


Step 5: Check for Suspicious Activity (15 minutes)

On the breached service:

Check:

  • Changes to account settings
  • Login history
  • Connected devices
  • Recent activity

If something looks off:

  • Change password
  • Log out all devices
  • Enable 2FA
  • Contact support

On your other accounts:

Look for:

  • Password reset emails
  • Unfamiliar sent messages
  • Bank activity
  • Strange credit card charges
  • Social media posts you didn’t make

Set up alerts:

  • Bank: text for every transaction
  • Credit card: alerts for all charges
  • Email: new device login alerts

Step 6: Consider Freezing Your Credit (30 minutes)

Freeze credit if exposed data includes:

  • Social Security Number
  • Date of birth + address

Freeze at all 3 bureaus:

Equifax: https://equifax.com/personal/credit-report-services
Experian: https://experian.com/freeze/center.html
TransUnion: https://transunion.com/credit-freeze

What freezing does:

  • Prevents new accounts from being opened
  • Doesn’t affect existing credit
  • Free to freeze + unfreeze
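
The severity tiers from Step 2 and the freeze rule from this step, applied to several breaches at once, as an added Python example (not part of the original guide). The data-class labels are normalized names chosen for this example, and the `Example*` services are constructed.

```python
# Labels are normalized, constructed names for the data classes the guide
# lists (an assumption); map your notification's wording onto them.
HIGH = {"plaintext passwords", "credit cards", "ssn", "banking details"}
ACTIONS = {
    "High": "Change passwords NOW. Freeze credit. Notify bank if needed.",
    "Medium": "Change passwords within 24 hours.",
    "Low": "Monitor for spam.",
}
ORDER = ["High", "Medium", "Low"]


def triage(exposed):
    """Return (severity, freeze_credit) for one breach's exposed data."""
    classes = {c.strip().lower() for c in exposed}
    if classes & HIGH:
        severity = "High"
    elif classes <= {"emails"}:
        severity = "Low"      # only the email address leaked
    else:
        severity = "Medium"   # passwords or any personal data
    # Step 6 rule: SSN alone, or date of birth together with address.
    freeze = "ssn" in classes or {"dates of birth", "addresses"} <= classes
    return severity, freeze


def plan(breaches):
    """Order breaches most urgent first: (service, severity, freeze)."""
    rows = [(svc, *triage(exposed)) for svc, exposed in breaches.items()]
    return sorted(rows, key=lambda r: (ORDER.index(r[1]), r[0]))


# First three entries follow the guide's Real Examples; the Example* ones
# are constructed.
BREACHES = {
    "LinkedIn": ["emails", "names", "phone numbers"],
    "Equifax": ["ssn", "dates of birth", "addresses"],
    "Facebook": ["phone numbers", "names"],
    "ExampleShop": ["emails", "dates of birth", "addresses"],
    "ExampleNewsletter": ["emails"],
}

if __name__ == "__main__":
    for service, severity, freeze in plan(BREACHES):
        print(f"{service}: {severity}, freeze={freeze}, action: {ACTIONS[severity]}")
```

The constructed ExampleShop entry shows that a Medium breach can still call for a freeze when date of birth and address leak together.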

Step 7: Monitor for Future Issues (Ongoing)

Free monitoring:

  • Have I Been Pwned (breach alerts)
  • Credit Karma (credit activity)
  • Bank alerts

Paid options:

  • Identity theft protection
  • Credit monitoring
  • Dark web monitoring

Watch for:

  • New breaches
  • Strange credit inquiries
  • Bank anomalies
  • Password reset emails you didn’t request

Step 8: Find Other Forgotten Accounts (1–2 hours)

If one service was breached, chances are you have dozens of forgotten accounts.

Option 1: Manual Audit (free)

Search Gmail for:

  • “welcome to”
  • “verify your email”
  • “account created”

Check:

  • Password manager
  • Google/Facebook/Apple login history

Option 2: Automated Audit (5 minutes)

Use GhostSweep:

  • Scans Gmail metadata
  • Finds all accounts automatically
  • Shows which were breached
  • Provides deletion templates

Then:

  • Delete accounts you don’t use
  • Secure accounts you keep
  • Enable 2FA everywhere

Step 9: Delete the Breached Account (If You Don’t Use It)

How to delete:

  1. Log in
  2. Go to Settings
  3. Find Delete Account or Close Account

If hidden, email support:

Subject: Account Deletion Request

Hello,

I would like to permanently delete my account associated with [email].

Under GDPR Article 17 / CCPA Section 1798.105, please delete all personal data associated with my account and confirm within 30 days.

Thank you,
[Your Name]

Why delete unused accounts:

  • Can’t be breached again
  • Reduces attack surface
  • Fewer companies store your data

Step 10: Learn From This (Future Prevention)

1. Use unique passwords everywhere

A password manager makes this easy.

2. Enable 2FA on all important accounts

Email, banking, social media.

3. Don’t overshare

Give only required information.

4. Delete unused accounts

You can’t be breached if the account doesn’t exist.

5. Monitor regularly

  • Sign up for breach alerts
  • Check HaveIBeenPwned periodically
  • Use GhostSweep for account monitoring


The 24-Hour Checklist

Within 1 hour:

  • Identify which breach (HaveIBeenPwned)
  • Assess severity
  • Change password on breached service
  • Enable 2FA

Within 24 hours:

  • Change reused passwords
  • Check for suspicious activity
  • Enable 2FA on all important accounts
  • Consider credit freeze

Within 1 week:

  • Find forgotten accounts
  • Delete unused accounts
  • Set up breach monitoring

Common Questions

Q: The breach happened 2 years ago — should I still act?
Yes. Stolen data circulates for years.

Q: Passwords were “hashed.” Am I safe?
Not necessarily. Weak hashing can be cracked. Change passwords.

Q: Should I close my account?
If unused: yes.
If used: secure it.

Q: Can I sue the company?
Possibly. Search for “[company name] breach lawsuit.”

Q: Will this happen again?
Probably. That’s why prevention matters.


Real Examples

LinkedIn (2021) — 700M accounts

Exposed: Emails, names, phone numbers
Severity: Medium

Equifax (2017) — 147M accounts

Exposed: SSNs, DOBs, addresses
Severity: High

Adobe (2013) — 38M accounts

Exposed: Emails, encrypted passwords
Severity: Medium–High

Facebook (2019) — 533M accounts

Exposed: Phone numbers, names
Severity: Medium


The Bottom Line

Getting breached isn’t the end of the world.
What matters is what you do next:

  • Change passwords
  • Enable 2FA
  • Check for suspicious activity
  • Delete unused accounts
  • Monitor for future breaches

Most people ignore breach notifications.
Don’t be most people.

Take one hour today to protect yourself.
Your future self will thank you.

Check if you've been breached: https://haveibeenpwned.com
Find all your accounts: https://ghostsweep.com
