6 Important Steps to Take After a Data Breach

It's not only companies that become victims to hackers. Individuals are targets, too. What is more, frequently in a company data breach, the data that leaks is your personal information.

You might hear in the news that XYZ company has been hacked, and in a sense you should be happy you know about the data breach because more often than not the victims are totally unaware. This isn't the most pleasant news, but when you know about the breach you can take steps to protect yourself. Here is what you need to do to minimize the damage.

1. Try to Determine the Scale of the Damage

Your first task after a data breach is to try to find out what data has been compromised. The damage can vary from just some bogus email address(es) and password(s) you use for unessential sites only to credit card numbers, health records, social security numbers and other vital information.

The steps you need to take depend on the damage. Needless to say, you don't have to take all the steps if the only damage is an email address you rarely use.

2. Change the Passwords of All Affected Accounts

No matter what the damage is, the first thing you need to do is change the passwords of all affected accounts. With minor damage, such as stolen unessential email addresses/passwords, changing the password should suffice, and you don't have to do anything else.


3. Contact Your Bank

In the case of stolen credit/debit cards, immediately contact the issuer so that they can block the card before criminals use it to make purchases/withdraw money from it.

It's true this works only if you discover the theft seconds after it happened, which is rarely the case, but you are eligible for some legal protection regarding fraudulent spending from your card if you notify the bank as soon as possible. You might not be able to prevent spending from right after the theft, but at least you are covered against future abuse. In most cases the bank will cancel the card and issue you a new one immediately.

4. Contact the Major Credit Reporting Agencies (and the Police)

Stealing money from you has one more negative aspect - it can hurt your credit record. This is why you need to contact the major credit report agencies and notify them about the breach. You need proof, though. If you got a notification letter from the company your data was stolen from, this is proof.

In other cases you will need a police report. This means you have to go to the police, file a report with them and use this as proof. This might seem like an extra step (and in cases of theft of data with minor importance it is), but if major data of yours was stolen and can be used for criminal purposes, it won't hurt to have this on paper with the police. They will rarely catch the criminals right away, so don't expect justice to be served soon, if at all - your purpose here is to eliminate the risk of using your data for criminal purposes.

5. Contact the IRS

If your social security number was stolen, you'd better alert the IRS. Tax identity fraud is very widespread, and even if you have reported the theft to the police, don't expect the IRS to know.

6. Monitor Your Accounts and Credit Reports

Many people have the habit of rigorously monitoring their accounts and credit reports even if they aren't victims of a data breach, so if you don't have this habit, now is the time to acquire it. Request free copies of your credit report from the major credit-reporting bureaus, and at least once a month review the activity of your credit/debit cards - all this should help to spot early potential problems due to a data breach so that you can react appropriately.


Anyone can become a victim of data breach. If you are lucky, criminals won't get hold of vital data of yours. If you are not that lucky, the only thing you can do is take the steps described in this article in an attempt to minimize the damage. They do take time and effort, and there is never a guarantee your data won't be misused, but this is the best you can do.

Ada Ivanova

I am a fulltime freelancer who loves technology. Linux and Web technologies are my main interests and two of the topics I most frequently write about.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox