What To Do If You Receive a Data Breach Alert

Should You Be Worried About Receiving a Data Breach Alert? 

Companies are required by state law to disclose if your personal information was involved in a data breach, but the lack of an overarching federal law means you may not find out until it's too late. 

In most states, companies only have to notify victims within 45 days of identifying a breach, but some allow up to 90 days (while others have no specific time frames) [*].

This gives some cybercriminals 90 days or more to use or sell all types of information, including Social Security numbers (SSNs), driver's licenses, and bank account and credit card details. That's more than enough time to set up new accounts in your name and lay out elaborate scams to steal from you and your family.  

As soon as you get a data breach alert, you should immediately:

• Find out what personal data was leaked in the security breach
• Secure any compromised accounts
• Freeze your credit file with the three major bureaus
• Check your financial accounts for signs of fraud
• Sign up for ongoing account and identity monitoring

Even if the leaked information seems minor, take it seriously. Over time, hackers can compile bits of your personal details to create an in-depth profile of you for large-scale scams and identity theft. 

{{show-toc}} 

What Information Is Included in a Data Breach Alert? 

A data breach alert helps you decide which course of action is best to help protect your identity, finances, and online accounts. 

State data breach notification laws usually require organizations to include the following information in their alerts: 

• What happened: How and when the data security event took place, such as if it was the result of malware or a phishing attack. It may also include details on how the cybercriminals are using the information. 
• What information was leaked: Specific details about what was leaked, such as phone numbers, SSNs, financial information, or medical records. 
• What the company is doing: How the organization plans to fix the issue and what protections it has to offer breach victims. For example, many companies offer free credit and identity monitoring or restoration services. Be warned, however, that accepting these offers may limit your access to legal action against the breached company. 
• What you can do on your own: Proactive steps you can take, based on the type of sensitive data leaked — for example, placing credit freezes after an SSN leak or contacting healthcare-related government agencies after a medical data breach. 
• Other breach-specific information: Details such as the point person or department handling the breach or the law enforcement agency working on the case.

Pro tip: With the number of data breach victims approaching two billion in 2024 [*], there's a good chance that more of your personal information is already available online than you think. You can find out what information hackers and scammers have access to by using Aura’s free digital footprint scanner.

{{hacker-view-widget}}

What To Do If You Receive a Data Breach Alert: 7 Steps

Receiving an alert that your personal information was involved in a data breach can be scary, but responding quickly may prevent the worst from happening. After you get a breach notification, follow these steps to help protect your information, your accounts, and your financial health. 

Are you worried that scammers are already  using your stolen data? Follow these steps to protect your identity, accounts, and finances. 

1. Review the data breach alert to see what information has been leaked

Your first step after a data breach is to figure out what information was compromised and how it might affect you. 

In some cases, companies alert all potential victims of an information security event — even if your specific information wasn't confirmed as leaked. Still, it's important that you take the proper precautions. 

• Confirm the breach. Look for an official announcement from the company or a trusted news source before taking any action. Beware of phishing emails in the form of data breach notifications. 
• Double-check your involvement in the leak. Identify all of the information that was leaked in the breach. You can use a Dark Web scanner or a service like HaveIBeenPwned to verify your involvement.
• Review the company response. Follow the appropriate steps provided by the company to protect yourself from cybercrime. If complimentary credit monitoring is included, confirm that it won't stop you from pursuing legal action if you accept, and consider legal counsel if it does.

📚 Related: The Best Dark Web Monitoring Services Right Now →

2. Secure compromised accounts with new passwords and 2FA

Passwords and login credentials are some of the most commonly leaked pieces of information in data breaches. 

A single leaked file in 2024 contained nearly 10 billion passwords compiled from various breaches [*]. 

If your login credentials are compromised, you need to make sure hackers can't use them to access your accounts and data. 

• Change your passwords. Start with your affected passwords, but you may want to change all of your passwords just in case. Create unique passwords by combining long strings of letters, numbers, symbols, and phrases. 
• Enable two-factor authentication (2FA). Many online accounts allow for 2FA, an additional layer of security beyond just a password. With 2FA enabled, logging in to your account requires a code sent to you via text message or an authenticator app. 
• Use a password manager. Password managers serve several functions, including creating and storing complex and unique passwords and informing you of weak or compromised passwords. 

3. Freeze your credit with all three major credit bureaus

Equipped with your personal information from a data breach, identity thieves can set up new accounts in your name and damage your credit score. Before that happens, you can freeze your entire credit file,which blocks anyone from accessing your file — even you. 

• Contact each major bureau. You need to freeze your credit file with each major bureau individually (Equifax, TransUnion, and Experian). Credit freezes are free and do not impact your credit score.
• Maintain the freeze. Your credit file will remain frozen as long as you want. If you need to use your credit in the future, you will need to unfreeze or "thaw" your credit. You can usually do this with a private PIN or through your online bureau account. 

📚 Related: Fraud Alert vs. Credit Freeze: Which Is Better? →

4. Check your credit report and financial statements for fraud

After a data breach, you will want to keep a close eye on your credit file and financial accounts to ensure that there's no foul play. Look through your reports and statements carefully for any signs of fraud or suspicious activity.  

• Request a free credit report. All Americans are eligible for free weekly credit reports at AnnualCreditReport.com. Check your report for red flags, such as incorrect personal information, unfamiliar account numbers, and unauthorized hard inquiries. 
• Review your bank statements. Go through your bank account statements, and review the transactions and transfers for anything you don't recognize.  
• Set up account alerts. Most banks offer fraud alerts for large or unusual transactions. You may also register to receive notifications about any account changes to help identify fraud as soon as it happens.  

5. Follow additional steps for sensitive data leaks 

Sensitive data leaks, such as medical records, driver’s license details, and the personal information of children may require specialized actions to mitigate the risks. Identity theft in these cases can be difficult to spot and may have long-lasting consequences, so it needs to be dealt with carefully. 

• Monitor your medical records. If your medical data leaks, request an explanation of benefits from your medical insurance provider, and review your claims for anything suspicious. You can report fraud with the Centers for Medicare & Medicaid Services. 
• Contact the Department of Motor Vehicles (DMV). If your driver's license information was stolen, contact your local DMV to report it. They can flag your license number and issue you a new one, if necessary. 
• Protect your child's credit. If your children's personal information is leaked, you may want to freeze their credit with the major bureaus to prevent any misuse.

6. Consider signing up for identity, credit, and data breach notifications

Identity and credit monitoring are powerful tools in the fight against identity fraud. These services alert you quickly to data breaches or leaks involving your personal information or suspicious activity in your credit file, which can give you the jump on fraudsters. 

• Seek out comprehensive monitoring. For the best protection, choose a service that offers three-bureau credit monitoring, real-time alerts, and Dark Web scanning. Some top-tier plans also provide financial and medical fraud protection. ‍
• Prioritize support. Recovering from fraud can entail a great deal of time and money. Make sure you have round-the-clock access to fraud resolution specialists who can walk you through the recovery process, along with ample insurance to cover your financial losses.

7. Be on the alert for suspicious activity

The information stolen in a data breach can be used against you and your family in scams. By using your personal information and account details, fraudsters might trick you into thinking they represent a trusted organization and get you to lower your guard so that they can take advantage of you.  

• Beware of phishing attempts. Avoid clicking on links or sharing sensitive information before you know exactly what you're dealing with. Even breach notifications can be scams. 
• Maintain your digital security. Keep your devices and software updated, and protect them with antivirus software to combat the latest malware. You should also  update your passwords and 2FA regularly. 

📚 Related: How To Protect Your Identity Online →

How To Set Up Data Breach Alerts for Your Personal Information

Data breaches have become such common occurrences that it may be tempting to ignore alerts. Yet, these notifications can signal the early stages of identity theft, fraud, and hacking — making it critical for you to act promptly. 

While it’s important to take data breach alerts seriously, you should also consider more proactive measures to monitor your sensitive information, such as: 

• Regularly check data breach news sites for announcements
• Enlist a Dark Web monitoring service to monitor your sensitive information
• Run free Dark Web scans to see if you’ve been impacted 
• Use a password manager that alerts you to password leaks
• Set up fraud alerts with your financial institution

You can also seek help from experts like Aura. When you sign up for Aura's all-in-one identity theft protection service, you’ll receive the industry’s fastest alerts³ — along with 24/7 Dark Web and account breach monitoring that covers up to 70 items of your choice, including ID numbers, accounts, email addresses, and more. 

Aura's packages also include three-bureau credit monitoring, antivirus protection, and up to $5 million in identity theft insurance coverage.