Here’s What You Should Do After a Data Breach

Quick Answer

If you’re notified that your personal information was exposed in a data breach, act immediately to change your passwords, add a security alert to your credit reports and consider placing a security freeze on your credit reports.

Here’s What You Should Do After a Data Breach article image.

Experian, TransUnion and Equifax now offer all U.S. consumers free weekly credit reports through

If your personal information is exposed in a data breach, it's important to act quickly to secure your bank and credit card accounts and to take additional steps to prevent credit fraud.

1. Stay Alert

If your personal information was exposed in a data breach, the breached company is likely to notify you. (If they operate in any of the 50 states, they're compelled by law to do so.) If you receive a breach notice, retain all documents and take recommendations they provide seriously.

Be aware that data breaches are not always detected immediately, so by the time you receive a notice, your information may have been available to criminals for some time. With that in mind, hang on to any unusual mail or emails, such as IRS tax notices, bills or statements from unfamiliar lenders.

2. Secure Your Accounts

Starting with any accounts specified in the breach notification, update the passwords and PINs you use to log in to your bank and credit card accounts. Accounts affected directly in a breach are obviously at greatest risk, but access to any of your personal information heightens the risk that your other accounts could be compromised.

By now, let's hope you've taken to heart years of warnings about reusing account passwords. If not, a thief who's obtained login information for one account could be able to use the same information to break into others. While you're updating the passwords on your accounts, consider stepping up your password game by using a free password manager. These easy-to-use apps generate highly secure, unique passwords and remember them for you. All you have to remember is one master password.

If you haven't already done so, as you tweak your passwords also consider activating two-factor authentication to your accounts. This requires you to get a confirmation code via text message or email before each login, to prove you're you. It adds a small step to the sign-in process, but it makes it much harder for password thieves to gain access.

3. Initiate a Fraud Alert

A fraud alert notifies any lender processing a credit application in your name that you may be a victim of fraud or identity theft and requests that they verify the applicant is really you before moving ahead with the application.

When you add a fraud alert to your Experian credit report (or to your report at either of the other two national credit bureaus, TransUnion or Equifax), the alert is automatically applied to your credit reports at all three bureaus.

A fraud alert will stay on your credit report for one year. You can renew the fraud alert when it expires. If your worst suspicions are confirmed and you find you're victimized by fraud, you can apply an extended fraud alert that lasts seven years before requiring renewal.

4. Monitor Your Financial Accounts and Credit Reports

Keep tabs on your bank and financial accounts and set up any available alerts to notify you of activity on the account. Staying aware of unusual or unexpected activity on your account lets you detect potential scams early and allows you to report or investigate them promptly.

Checking your credit report also can help you identify any unusual activity related to credit fraud and identity theft, such as the creation of loan or credit card accounts you don't recognize and the addition of unfamiliar addresses to your personal information. You can get an updated Experian credit report every 30 days with a free Experian account, and check your reports from all three credit bureaus for free at

Free credit monitoring from Experian automates the process of checking your Experian report by sending you emails or text messages anytime there's new activity on your Experian credit report.

5. Freeze or Lock Your Credit File

Though potentially more inconvenient than a fraud alert, you might consider applying a free security freeze, which limits access to your credit report at a specific credit bureau. You can freeze your Experian credit report here and can separately freeze your credit reports at Equifax and TransUnion.

Freezing your credit at all three bureaus helps protect your credit file from scammers and other criminals who may apply for credit in your name. However, it will also prevent creditors from accessing your credit for legitimate credit applications. If you want to allow a lender to view a frozen credit report (as when applying for a credit card or loan), you must first "thaw," or unfreeze, your credit reports.

Locking your credit file is another way to protect yourself from fraudulent credit applications being submitted in your name. You can lock and unlock your Experian credit file with CreditLock, which is included with Experian CreditWorks℠ Premium. Similar services are offered at the other credit bureaus.

The Bottom Line

Exposure of your personal information in a data breach is a downside to the convenience of digital transactions and e-commerce. It's wise to be prepared in case it happens to you, and to act quickly if it does to minimize the potential damage.

If you're the victim of a breach, take a breath, try not to panic and follow these steps. If you confirm your data has been stolen or misused, act immediately and report the matter to appropriate authorities.

Learn More About Data Breaches

  • What Is a Data Breach?
    A data breach is the theft of personal information from an organization’s digital records. Here’s how a data breach may affect you.
  • How to Freeze Your Credit
    Request a credit freeze online or by mail from each of the three national credit bureaus to limit most access to your credit reports indefinitely.
  • How to Place a Fraud Alert
    It’s quick and easy to add a fraud alert to your credit report, notifying lenders to confirm your identity before processing applications for loans or credit.
  • How Can I Protect Myself After My Information Was Stolen?
    You can protect your credit after your identifying information is stolen. Start with a fraud alert, and move to a security freeze if you feel you need it.