Security · May 31, 2026 · 9 min read

What to Do After a Financial Data Breach

By Sarah Chen

Head of Privacy Research

Financial data breaches are alarmingly common. In 2025 alone, a single cyberattack on Marquis Software exposed the personal and financial data of up to 1.35 million people across 74 banks and credit unions. Western Alliance Bank, Evolve Bank and Trust, and major fintech platforms like Betterment and Figure Technology all suffered breaches that exposed Social Security numbers, bank account details, and other sensitive financial information. If your bank, lender, or financial service provider has been breached, here is exactly what to do, step by step.

Step 1: Confirm the Breach and Understand What Was Exposed

Before you act, find out exactly what happened. Not all breaches are equal, and your response should match the severity of the exposure.

  • Read the breach notification carefully. Financial institutions are required by law to notify affected customers. The notice should tell you what types of data were compromised: names, account numbers, Social Security numbers, login credentials, or transaction history.
  • Check the institution's dedicated breach response page. Most companies set up a page with FAQs, timelines, and instructions after a breach.
  • Determine if your data was actually exposed. Some breach notifications are sent to all customers as a precaution. If the company offers a way to check whether your specific data was affected, use it.
  • Note what free services they are offering. Many breached companies provide free credit monitoring, typically for 12 to 24 months. Sign up immediately, even if you plan to take additional steps on your own.

Know the Difference: Data Types and Risk Levels

An email address leak is annoying but manageable. A Social Security number leak is a long-term identity theft risk. If your SSN, bank account numbers, or tax identification numbers were exposed, treat the situation as urgent and follow every step below. If only your name and email were exposed, focus on password changes and phishing awareness.

Step 2: Freeze Your Credit Immediately

A credit freeze is the single most effective action you can take after a financial breach. It restricts access to your credit report, which prevents criminals from opening new credit cards, loans, or accounts in your name, even if they have your Social Security number.

You must freeze your credit separately at all three major bureaus:

  1. Equifax: Visit equifax.com/personal/credit-report-services/credit-freeze or call 1-800-685-1111
  2. Experian: Visit experian.com/freeze or call 1-888-397-3742
  3. TransUnion: Visit transunion.com/credit-freeze or call 1-888-909-8872

Credit freezes are free, legally mandated, and do not affect your credit score. You can temporarily lift a freeze when you need to apply for credit and refreeze afterward. This should be your default state going forward, not just a response to a single breach.

Step 3: Place a Fraud Alert on Your Credit Reports

A fraud alert is a lighter-weight protection that instructs lenders to verify your identity before processing credit applications in your name. Unlike a freeze, a fraud alert still allows access to your credit report, but it adds a layer of verification.

The advantage of a fraud alert is that you only need to place it at one bureau, and it is automatically shared with the other two. An initial fraud alert lasts one year. If you have been a confirmed victim of identity theft, you can place an extended fraud alert that lasts seven years.

Place a fraud alert even if you also freeze your credit. They protect against different attack vectors, and together they create a strong barrier against new-account fraud.

Step 4: Change Your Passwords and Enable Two-Factor Authentication

If login credentials were part of the breach, or if you cannot be certain they were not, change your passwords immediately. Start with:

  • The breached institution's account
  • Your email accounts (these are recovery addresses for everything else)
  • Other financial accounts: banks, investment platforms, payment apps
  • Any account where you reused the same password

Use a password manager to generate strong, unique passwords for every account. Then enable two-factor authentication (2FA) on every financial account that supports it. Multi-factor authentication blocks 99.9% of automated credential-stuffing attacks, even if your password has been compromised.

Watch for Phishing Attacks After a Breach

Criminals know that breach victims are anxious and expecting communications from their financial institutions. They exploit this by sending convincing phishing emails that mimic official breach notifications, often within days of the announcement. Never click links in emails claiming to be from your bank. Instead, go directly to the institution's website by typing the URL into your browser, or call the number on the back of your card. If an email asks you to "verify your identity" by entering your Social Security number or account details, it is almost certainly a scam.

Step 5: Monitor Your Financial Accounts Closely

For the first 90 days after a breach, monitor your accounts more aggressively than usual:

  • Check your bank and credit card statements daily. Look for unfamiliar charges, even small ones. Criminals often test stolen accounts with small transactions before making larger withdrawals.
  • Set up transaction alerts. Most banks and credit card companies let you receive instant notifications for every transaction. Turn these on for all your financial accounts.
  • Review your credit reports. You can check your credit reports from all three bureaus for free at AnnualCreditReport.com. Look for accounts you do not recognize, hard inquiries you did not authorize, and unfamiliar addresses added to your profile.
  • Monitor tax filings. If your Social Security number was exposed, criminals may attempt to file a fraudulent tax return in your name. Consider filing your taxes early and setting up an IRS Identity Protection PIN.
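The statement review described above can be partly automated against a CSV export from your bank. The script below is an added example, not part of the original article: it flags charges in the 90-day watch window at merchants that never appeared before the breach date, and marks small ones that are followed by a larger unfamiliar charge. The column names, the 5.00 threshold, the 7-day follow-up window, and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample export. Column names are assumptions; match your bank's CSV.
SAMPLE_CSV = """date,merchant,amount
2026-03-02,GROCER MART,84.12
2026-03-09,CITY TRANSIT,40.00
2026-04-11,GROCER MART,91.40
2026-05-20,CITY TRANSIT,40.00
2026-06-03,QX DIGITAL SVC,1.00
2026-06-04,GROCER MART,77.03
2026-06-05,ELECTRO OUTLET,912.50
2026-06-18,CORNER CAFE,4.75
"""

def load(text):
    """Parse the export into rows sorted by date."""
    rows = [{"date": date.fromisoformat(r["date"]),
             "merchant": r["merchant"].strip().upper(),
             "amount": Decimal(r["amount"])}
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows, key=lambda r: r["date"])

def review(rows, breach_date, small=Decimal("5.00"), follow_days=7, watch_days=90):
    """Return (row, reason) for charges in the watch window at merchants
    never seen before the breach date."""
    known = {r["merchant"] for r in rows if r["date"] < breach_date}
    end = breach_date + timedelta(days=watch_days)
    new = [r for r in rows
           if breach_date <= r["date"] <= end and r["merchant"] not in known]
    flagged = []
    for r in new:
        reason = "unfamiliar merchant"
        if r["amount"] <= small:
            # A small first charge matters most when a larger one follows soon after.
            limit = r["date"] + timedelta(days=follow_days)
            followed = any(f["amount"] > small and r["date"] <= f["date"] <= limit
                           for f in new)
            reason = ("possible test charge before a larger one" if followed
                      else "small charge at unfamiliar merchant")
        flagged.append((r, reason))
    return flagged

if __name__ == "__main__":
    for row, reason in review(load(SAMPLE_CSV), date(2026, 6, 1)):
        print(row["date"], row["merchant"], row["amount"], "->", reason)
```

A flagged row is a prompt for manual review, not proof of fraud; a new but legitimate merchant will also appear in the output.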

Step 6: Report Identity Theft if It Occurs

If you discover unauthorized accounts, fraudulent charges, or other signs that your identity has been used, take these steps:

  1. File a report with the FTC at IdentityTheft.gov or by calling (877) 438-4338. The FTC will create a personalized recovery plan and provide an Identity Theft Report you can use with creditors and law enforcement.
  2. File a police report with your local law enforcement. Some creditors require this before they will remove fraudulent accounts.
  3. Dispute fraudulent accounts and charges directly with the financial institutions involved. Provide copies of your FTC Identity Theft Report.
  4. Place an extended fraud alert (seven years) on your credit reports if you have an Identity Theft Report from the FTC.

Step 7: Remove Your Personal Data from Data Brokers

After a financial breach, the exposed data often ends up aggregated with information already available about you on data broker sites. Your name, address, phone number, email, and even financial details can be combined to create a comprehensive profile that makes identity theft and targeted fraud much easier.

This is where most people stop, but it is one of the most important steps. Removing your personal information from data brokers limits the data available to criminals who already have some of your financial details from the breach. It reduces their ability to answer security questions, verify your identity to lenders, or build a convincing impersonation.

PrivacyOn automates this process across more than 100 data broker sites, continuously monitoring for re-listings and submitting removal requests on your behalf. After a financial breach, when your data is most vulnerable to being exploited, reducing your public exposure is one of the few proactive steps you can take to limit long-term damage.

Long-Term Protections to Put in Place

A single breach response is not enough. Financial breaches are now so common that you should assume your data has been compromised more than once and maintain ongoing protections:

  • Keep your credit frozen by default. Only lift it temporarily when you need to apply for credit.
  • Use unique passwords and 2FA on every financial account. A password manager makes this painless.
  • Check your credit reports at least quarterly. Set calendar reminders so you do not forget.
  • File your taxes early every year to reduce the window for tax fraud.
  • Opt out of data brokers regularly. Data brokers re-collect your information over time, so removal is an ongoing process, not a one-time task.
  • Consider an IRS Identity Protection PIN. This six-digit number prevents anyone else from filing a tax return with your Social Security number.

The Bottom Line

The average cost of a financial sector data breach reached $6.08 million in 2024, but the cost to individuals is measured in time, stress, and financial damage that can take years to resolve. The good news is that acting quickly makes a significant difference. Freeze your credit, set fraud alerts, change your passwords, monitor your accounts, and reduce the personal data available about you online. These steps will not undo the breach, but they will make it far harder for criminals to turn stolen data into stolen money.

Sarah Chen

Head of Privacy Research

CIPP/US Certified · IAPP Member · B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
