🟢 Beginner · 11 min read · Updated Feb 18, 2026

Data Breach Response: What to Do When Your Data Is Leaked

Step-by-step guide for individuals and businesses when a data breach occurs. Immediate actions, long-term protection, and recovery strategies.

Proactive monitoring:

  • Have I Been Pwned (HIBP): Free service that checks if your email/phone appears in known breaches. Sign up for notifications.
  • Password manager alerts: Bitwarden, 1Password, and Dashlane check your passwords against breach databases.
  • Firefox Monitor: Mozilla's breach notification service (powered by HIBP).
  • Google Password Checkup: Checks saved Chrome passwords against known breaches.

Warning signs to watch for:

  • Unexpected password reset emails
  • Login alerts from unfamiliar locations
  • Unfamiliar charges on bank/credit card statements
  • Friends receiving spam from your accounts
  • Account lockouts you didn't trigger
  • New accounts opened in your name

Breach notification laws:

Most countries require companies to notify you of breaches:

  • US: State-specific laws (all 50 states), typically within 30-60 days
  • EU/UK: GDPR requires notification within 72 hours
  • Australia: Notifiable Data Breaches scheme (OAIC)
  • Canada: PIPEDA breach notification requirements

Step 1: Assess what was exposed

  • What data was in the breach? (email, password, SSN, financial, health)
  • Was the password hashed or plaintext?
  • Is the compromised password used on other accounts?

Step 2: Secure affected accounts

  1. Change the password on the breached service (use your password generator!)
  2. Change the password on ANY account using the same password
  3. Enable 2FA if you haven't already
  4. Revoke all active sessions
  5. Check for unauthorized changes (email forwarding rules, recovery email/phone, connected apps)
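
Steps 1 and 2 depend on finding every account that shares the breached password. The script below is an added example, not part of the original guide: it reads a password-manager CSV export (the column names `name`, `username`, `password`, `totp` and the sample rows are constructed assumptions) and returns which accounts to rotate and where 2FA is still missing.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, not a real vendor format.
VAULT_CSV = """\
name,username,password,totp
shop.example,alice@example.com,Tr0ub4dor&3,no
forum.example,alice,Tr0ub4dor&3,no
mail.example,alice@example.com,correct-horse-battery,yes
news.example,alice,correct-horse-battery,no
bank.example,alice01,x9!Lq2#vPz7e,yes
oldblog.example,alice,Tr0ub4dor&3,yes
"""

def fingerprint(password: str) -> str:
    # Grouping key only, so the returned plan never contains a plaintext password.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def rotation_plan(vault_csv: str, breached_service: str) -> dict:
    rows = list(csv.DictReader(io.StringIO(vault_csv)))
    by_fp = defaultdict(list)
    for row in rows:
        by_fp[fingerprint(row["password"])].append(row["name"])

    breached = next((r for r in rows if r["name"] == breached_service), None)
    if breached is None:
        raise ValueError(f"{breached_service!r} is not in the export")
    fp = fingerprint(breached["password"])

    # Step 2, items 1-2: the breached service first, then every account sharing its password.
    also_change = sorted(n for n in by_fp[fp] if n != breached_service)
    affected = {breached_service, *also_change}
    # Step 2, item 3: affected accounts that still lack 2FA.
    enable_2fa = sorted(r["name"] for r in rows
                        if r["name"] in affected and r["totp"].strip().lower() != "yes")
    # Reuse unrelated to this breach, worth fixing during the wider password audit.
    other_reuse = sorted(sorted(names) for f, names in by_fp.items()
                         if f != fp and len(names) > 1)
    return {"change_first": breached_service, "also_change": also_change,
            "enable_2fa": enable_2fa, "other_reuse_groups": other_reuse}

if __name__ == "__main__":
    for key, value in rotation_plan(VAULT_CSV, "shop.example").items():
        print(f"{key}: {value}")
```

Delete the export file once the rotation is done, since it holds every password in plaintext.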

Step 3: Protect financial information

  1. If financial data was exposed, contact your bank immediately
  2. Place a fraud alert on your credit reports (Equifax, Experian, TransUnion)
  3. Consider a credit freeze (prevents new accounts being opened)
  4. Review recent transactions for unauthorized charges
  5. File a dispute for any fraudulent charges

Step 4: Document everything

  • Screenshot any breach notifications
  • Note the date you discovered the breach
  • Keep a log of all actions taken
  • Save copies of any correspondence

Identity protection:

  • Monitor your credit reports (free annual reports at AnnualCreditReport.com)
  • Consider an identity monitoring service (many breached companies offer free monitoring)
  • Set up Google Alerts for your name and phone number
  • File an Identity Theft Report at identitytheft.gov (US)

Account security hardening:

  • Transition to a password manager if you haven't already
  • Audit and update ALL passwords (not just the breached one)
  • Enable 2FA on every account that supports it
  • Review and clean up account recovery options
  • Remove unnecessary accounts (reduce attack surface)

Ongoing monitoring:

  • Check haveibeenpwned.com regularly
  • Enable breach alerts in your password manager
  • Review bank and credit card statements weekly
  • Keep software updated on all devices
  • Be extra vigilant for phishing (attackers may use breached data to craft convincing emails)

Legal options:

  • Many data breaches result in class action lawsuits
  • You may be entitled to compensation (credit monitoring, cash payment)
  • Document your losses (time spent, financial impact)
  • Report to regulators: FTC (US), ICO (UK), DPA (EU)

Before a breach (preparation):

  ☐ Document an Incident Response Plan
  ☐ Assign incident response team roles
  ☐ Identify legal requirements (notification timelines, regulators)
  ☐ Establish relationships with forensic investigators
  ☐ Maintain cyber insurance
  ☐ Conduct tabletop exercises annually

During a breach:

  1. Contain: Isolate affected systems, revoke compromised credentials
  2. Investigate: Determine scope, timeline, and attack vector
  3. Preserve evidence: Don't wipe systems before forensic analysis
  4. Notify: Legal counsel, regulators, affected individuals
  5. Remediate: Patch vulnerabilities, rotate secrets, review access controls
  6. Communicate: Transparent, factual updates to affected parties

After a breach:

  1. Post-mortem: Document what happened, how, and why
  2. Improve: Update security controls based on findings
  3. Test: Verify remediations are effective
  4. Train: Brief staff on lessons learned
  5. Audit: Review similar systems for the same vulnerability

Communication template:

  • What happened (factual, specific)
  • What data was affected
  • What you're doing about it
  • What affected individuals should do
  • How to get more information