Data breaches are now a fact of life. In 2025 alone, over 3,300 data breaches were reported in the US — a 4% increase year-over-year — with billions of records exposed. Major incidents included the PowerSchool breach affecting 62 million students and 10 million teachers, over 16 billion leaked credentials from major platforms, and the DaVita ransomware attack exposing 2.7 million patients' data. If you've received a breach notification — or suspect your data was compromised — here's exactly what to do, step by step.
Immediate Steps (Do These First)
1. Confirm the Breach Is Legitimate
Before taking action, verify that the breach notification is real. Scammers often send fake breach notifications to trick you into clicking malicious links or providing personal information.
- Don't click links in the email. Instead, go directly to the company's website.
- Check news sources for reports about the breach.
- Visit haveibeenpwned.com to check if your email appears in known breaches.
2. Change Your Passwords Immediately
Start with the breached account, then change passwords for any other accounts that use the same password:
- Create a unique, strong password for each account (at least 16 characters with a mix of letters, numbers, and symbols)
- Use a password manager (Bitwarden, 1Password, or Dashlane) to generate and store unique passwords
- Never reuse passwords across accounts — this is how one breach becomes ten
3. Enable Two-Factor Authentication (2FA)
Add 2FA to every account that supports it, prioritizing:
- Email accounts (these are the master key to everything else)
- Banking and financial accounts
- Social media accounts
- Shopping accounts (Amazon, PayPal, etc.)
Use an authenticator app (Google Authenticator, Authy) rather than SMS-based 2FA, which can be intercepted through SIM swapping.
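Steps 2 and 3 can be turned into an ordered work list. The script below is an added example, not part of the original guide: it reads a password-manager CSV export, puts the breached account first, then every account that reuses its password (in the email, banking, social, shopping order given above), then accounts whose password falls short of the 16-character policy, and it can generate compliant replacements. The column names, account names and sample passwords are constructed assumptions, not the export format of any particular password manager.

```python
import csv
import io
import secrets
import string

# Constructed sample export; column names and accounts are assumptions.
SAMPLE_EXPORT = """name,category,password
ExampleMail,email,Summer2024!
ExampleBank,banking,Summer2024!
ExampleShop,shopping,Summer2024!
ExampleSocial,social,kV7#qLr2!xTz9@Wm4pB
ExampleForum,other,hunter2hunter2
"""

PRIORITY = {"email": 0, "banking": 1, "social": 2, "shopping": 3}  # 2FA list order
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def meets_policy(pw):
    """At least 16 characters with letters, numbers and symbols."""
    return (len(pw) >= 16 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def new_password(length=16):
    """Draw from the OS CSPRNG until the result satisfies the policy."""
    length = max(length, 16)  # never go below the policy minimum
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw

def audit(export_text, breached_name):
    """Return (account, reason) pairs in the order they should be fixed."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    leaked = {r["password"] for r in rows if r["name"] == breached_name}
    if not leaked:
        raise ValueError(f"{breached_name!r} is not in the export")
    findings = []
    for r in rows:
        if r["name"] == breached_name:
            rank, reason = 0, "breached account"
        elif r["password"] in leaked:
            rank, reason = 1, "reuses the breached password"
        elif not meets_policy(r["password"]):
            rank, reason = 2, "does not meet the password policy"
        else:
            continue  # unique and compliant: nothing to do
        findings.append((rank, PRIORITY.get(r["category"], 4), r["name"], reason))
    return [(name, reason) for _, _, name, reason in sorted(findings)]
```

The script never prints a password. Delete the plaintext export as soon as the audit is done, since the file itself is a complete copy of your credentials.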
Priority Actions Checklist
1. Change the password for the breached service
2. Change passwords on any account using the same password
3. Enable 2FA on all important accounts
4. Check haveibeenpwned.com for other exposures
5. Freeze your credit at all three bureaus
Protect Your Financial Accounts
Freeze Your Credit
A credit freeze is the single most effective step against identity theft. It prevents anyone from opening new credit accounts in your name. Freeze your credit at all three bureaus — it's free:
- Equifax: equifax.com/personal/credit-report-services/credit-freeze/
- Experian: experian.com/freeze/center.html
- TransUnion: transunion.com/credit-freeze
You can temporarily lift the freeze whenever you need to apply for credit.
Set Up Fraud Alerts
A fraud alert tells creditors to verify your identity before approving new credit applications. Contact any one of the three bureaus — they're required to notify the other two:
- An initial fraud alert lasts one year
- An extended fraud alert (for confirmed identity theft victims) lasts seven years
Monitor Your Financial Statements
- Review bank and credit card statements weekly for unauthorized charges
- Set up transaction alerts on all financial accounts
- Check your credit report at annualcreditreport.com (you're entitled to free weekly reports from all three bureaus)
If Your Social Security Number Was Exposed
SSN exposure is the most serious type of breach because your Social Security number is permanent — you can't change it like a password.
Take Extra Steps for SSN Exposure
If your Social Security number was compromised, absolutely freeze your credit at all three bureaus immediately. Also consider filing an Identity Theft Report with the FTC at IdentityTheft.gov and creating an IRS Identity Protection PIN to prevent fraudulent tax filings.
- Freeze your credit at all three bureaus (see above)
- File a report with the FTC at IdentityTheft.gov — this creates an official Identity Theft Report
- Get an IRS Identity Protection PIN: Visit irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin to prevent someone from filing a tax return using your SSN
- Monitor your Social Security statement: Check ssa.gov for unauthorized activity
- Consider identity theft protection with insurance that covers restoration costs
If Your Email Was Exposed
- Change your email password immediately and enable 2FA
- Check for unauthorized forwarding rules or connected apps in your email settings
- Be vigilant about phishing — attackers who know you were in a breach may target you with convincing fake emails
- Consider creating a new email address for sensitive accounts (banking, healthcare)
If Your Phone Number Was Exposed
- Contact your carrier and add a port freeze or SIM lock to prevent SIM swapping attacks
- Be cautious of phishing texts and calls — scammers may reference the breach to gain your trust
- Switch sensitive accounts away from SMS-based 2FA to an authenticator app
Long-Term Protection
A data breach is a wake-up call to strengthen your overall privacy posture:
- Reduce your data footprint: The less personal information that's available online, the less damage future breaches can cause.
- Remove yourself from data brokers: Your breached data often ends up on people search sites, amplifying the damage. Opt out from these sites.
- Use email aliases: Services like Apple Hide My Email or SimpleLogin prevent your real email from being exposed in future breaches.
- Review and close old accounts: Every unused account is a potential breach waiting to happen.
- Stay informed: Subscribe to breach notification services so you know immediately when your data is compromised.
Automate Your Protection
After a data breach, your personal information spreads rapidly — from the dark web to data brokers to people search sites. Cleaning it all up manually is a massive, ongoing project.
PrivacyOn automates the cleanup. It removes your personal information from 100+ data broker sites that may be republishing your breached data, provides dark web monitoring to alert you to new exposures, and offers 24/7 continuous monitoring to catch re-appearances. With family plans covering up to 5 people, PrivacyOn helps protect everyone affected — starting at just $8.33/month.