Skip to Content
© Marina Putilova |
Safety & security

Part of a data breach? These are the steps to take immediately

Data breaches have become a part of life. These attacks occur every week, targeting individuals, small businesses, large corporations, governments, and the military. A data breach is a type of cyberattack where information is stolen and/or exposed. This data can include sensitive or proprietary information such as a company’s trade secrets or customer data such as credit cards.

A recent breach targeted Verizon-owned digital carrier Visible, resulting in the theft and changes of customer account information. The hackers also purchased new smartphones using the credentials they stole. Tap or click here to check out our report.

The fact that breaches are more common and threatening doesn’t mean we should be complacent. There are steps you can take to reduce your risks. And if you are a victim of a breach, you can mitigate the damage with some quick action. Here’s how.

1. Know what information was exposed

Have you received an email regarding a breach from a company you do business with? The type of data that was stolen is crucial. While it’s not ideal to have your name, email address and other personal information compromised, it could be worse. Sensitive information such as credit card and Social Security numbers could truly lead to serious trouble.

Even if you weren’t notified that a company you do business with was breached, you should check to be sure. A company might not become aware of the breach for some time and even when it does, it could take a while to figure out the details.

Resources like Have I Been Pwned can help you see if there are any hits. The site keeps a record of data breaches and has more than 11 billion stolen records in its database.

Just go to and enter your email address in the search bar. Hit the pwned? button, and the website will get to work alerting you of any data breaches you may be part of. Tap or click here for more information on this helpful site.

2. Change your password(s)

First things first — change your login credentials for the breached company immediately. Hopefully, you’re not using the same password for other accounts, as this is terrible practice with or without a breach. If you were doing this, change those other passwords, but don’t make the same mistake.

Many browsers keep track of your hacked passwords. For example, Chrome’s Password Manager has a Password Checkup feature. It reviews your passwords for strength and tells you if any have been compromised. Go to and click Go to Password Checkup, then Check Passwords.

Firefox, Edge and Safari have similar tools. Tap or click here for instructions on how they work and how to access them.

A strong password is not enough. Two-factor authentication adds another layer of security to your accounts. This consists of something you only know (such as an answer to a question), something you have (your smartphone) or something that identifies you as a person (fingerprint, voice pattern or facial scan).

Without these identifiers, others won’t be able to get into your accounts. Make sure to have 2FA enabled when available, especially on the breached account.

Authenticator apps automate the 2FA process and make it even more secure. They generate one-time passcodes that expire after a short time. The app is unique to your phone, and you don’t need to hand out your phone number. Tap or click here for more on authenticator apps.

3. Check your financial accounts

If your financial data is likely exposed or stolen, log into your bank, debit and credit accounts. Look for any unusual activity such as small unexpected payments, which crooks use to confirm that your account is functional. Once they’ve verified this, they’ll go for larger transactions or even empty your bank account.

Check your email, texts and other notifications for messages from the bank. But be careful, as scammers can be contacting you with spoofed messages. If you get a notification, ignore it and call the bank directly. You can find the phone number on the back of your payment cards.

Another good idea is to set up fraud alerts on your accounts. This won’t hurt your credit, but it will alert creditors that you may have been a victim of fraud, including identity theft. They will then take extra steps like contacting you directly to confirm your identity before extending credit in your name.

Luxury department store chain Neiman Marcus was recently breached, and millions of customers had their personal and financial information leaked. Tap or click here if you’re a Neiman Marcus customer.

4. Check your credit report

Building on the previous tip, check up on your credit report for any unusual activity, such as new accounts opened in your name. Look for unfamiliar addresses, contact names and other such information.

You can set up fraud alerts on your credit card report to make it more difficult for someone to take unauthorized action, such as opening an account using your information.

You can check on your credit report through your financial institution or use a free site like to see if anything unusual appears.

Tap or click here to check out how much a stolen credit card is worth on the Dark Web.

5. Oh, it’s serious

If you have reason to believe your data has not only been stolen but is actively being used by someone else, contact your financial institutions to flag your account. And it may be a pain, but cancel your current payment cards and request new ones.

Once you get your new cards, you’ll have to update the payment information on your accounts (such as Amazon), but it’s worth it to stop things before they get worse.

If someone has accessed your account, you may want to freeze your credit. This will restrict access to your credit, making it more difficult for thieves to mess with it. You won’t be able to open a new credit account while the freeze is in place.

Potential lenders will not be able to access your credit report when it’s frozen, so you may need to lift the freeze if you want to apply for a new credit card or get a car loan, insurance or other things that require it.

To initiate a freeze, contact the three national credit bureaus: Equifax, Experian and TransUnion. The FTC has a page listing the websites and phone numbers for these organizations at

Bonus: Give yourself a protection boost

When your personal details are floating around, you’re at higher risk of online attacks. Don’t take chances. Protect all your devices the right way.

TotalAV’s industry-leading security suite is easy to use and offers the best protection in the business. In fact, they’ve received the renowned VB100 award for detecting more than 99% of malware samples for the last three years in a row. And not only do you get continuous protection from the latest threats, but their AI-driven Web Shield browser extension blocks dangerous websites automatically, and their Junk Cleaner can help you quickly clear out your old files.

Right now, get an annual plan of TotalAV Internet Security for only $19 at That’s over 85% off the regular price, just for Kim’s readers and listeners!

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days