breachmonitor

What to do after a data breach: a step-by-step response

Updated 2026-07-06 2 min read

Learning your data is in a breach is unsettling, but the response is straightforward if you do it in the right order. Speed matters — leaked credentials get replayed fast.

Act in this order

  1. Change the breached password immediately — and change it anywhere you reused it. That reuse is what attackers count on.
  2. Make each new password unique with a password manager, so a future leak can’t cascade.
  3. Enable multi-factor authentication on the affected account and on your email, banking and work logins.
  4. Secure your email first — it’s the reset gateway to everything else.
  5. Watch for phishing that references the leaked data, and verify unusual requests through a known channel.
  6. If financial data leaked, alert your bank and monitor statements; consider a card reissue.
  7. Set up breach monitoring so you’re alerted the next time your data appears in a leak.

What you can’t undo

Passwords can be changed; personal data can’t. If your name, address, phone number or date of birth leaked, treat it as permanently public and stay alert to targeted phishing, SIM-swap attempts and identity fraud that use those details to sound convincing.

If it’s a work account

Report it to your security or IT team immediately — don’t just fix it quietly. A single leaked corporate credential can be an attacker’s entry point into the whole organisation, and the team may need to force resets, check for misuse and meet notification deadlines.

Reduce the next breach’s impact

  • Use unique passwords everywhere (a manager makes this painless).
  • Turn on MFA — prefer authenticator apps or hardware keys over SMS.
  • Close old accounts you no longer use so they can’t leak your data later.
  • Keep a monitoring alert active so you learn about leaks early.

FAQ

Related questions

What’s the first thing to do after a breach?

Change the breached password and any place you reused it, then enable MFA. Securing reused passwords quickly is what stops the leak from spreading to your other accounts.

Should I change all my passwords after one breach?

Prioritise the breached password and anywhere it was reused, plus your email and financial accounts. Moving to unique passwords via a manager over time removes the need for mass resets in future.

Is it worth paying for breach monitoring?

Monitoring — free or paid — is valuable because it shortens the time between a leak and your response. The sooner you know, the less chance leaked credentials are successfully reused.