
What To Do After a Data Breach: Your 2026 Action Plan

A wave of major breaches has marked 2026. Here's exactly what to do if your data may have been exposed: check Have I Been Pwned, change reused passwords, turn on 2FA, watch for phishing, and lock things down for good.

By Eric Gerard · Editor · PwdFortress · 4 min read

A series of major breaches has marked 2026 — leaked credentials tied to Fortinet/FortiGate firewall devices, Kodak, a third party connected to Nintendo, and the long tail of the 23andMe incident have all made headlines. If you're reading this wondering "was I caught up in one of these, and what now?", this is the calm, practical checklist to work through. None of it requires technical skill, and the most important steps take only a few minutes.

The short answer

  • Check if you're affected with Have I Been Pwned and any official notice from the company.
  • Change the leaked password — and every account where you reused it.
  • Turn on 2FA so a stolen password alone can't log in.
  • Stay alert for phishing that exploits the breach, and freeze your credit if identity data was exposed.
  • Fix it for good: a unique password per account, stored in a password manager.


Step 1 — Find out whether you're affected

Don't panic, and don't guess. There are two trustworthy ways to know:

  • Have I Been Pwned (haveibeenpwned.com) is a free, well-known service that checks your email address or phone number against a database of known breaches. It tells you which breaches your address appeared in, so you know exactly which accounts to prioritise.
  • The official notification. Companies that suffer a breach are generally required to inform affected users. Read it for the specifics — what data was exposed (just email? passwords? payment info?) determines how serious it is for you.

Be careful here: post-breach is exactly when fake "you were breached" emails spread. Never log in through a link in such a message. Go to the service directly.

Step 2 — Change the password (and stop the chain reaction)

Change the password on the affected account first. Then — this is the step people skip — change it on every other account where you used the same or a similar password. Attackers take credentials leaked in one breach and try them across hundreds of other sites automatically. That's credential stuffing, and reused passwords are what make it work.

Each replacement password should be long, random, and unique. Don't just bump a number on the end of the old one — attackers and their tools guess those small variations easily. Start with your most important accounts: email, banking, and anything tied to your payment cards. Work outward from there to social media, shopping, and the dozens of sign-ups you've forgotten about over the years.
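For readers comfortable with a script, the following added example (not part of the original article) shows the reuse check from this step: it finds every account whose password is the same as, or a small variation of, the leaked one, orders them with email and banking first, and assigns each a fresh random password. The account names, the vault layout and the similarity rules (ignore case, leetspeak and trailing digits or symbols) are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample: account -> (category, current password). Not real data.
VAULT = {
    "shop.example": ("shopping", "Summer2024!"),
    "mail.example": ("email", "Summer2025"),
    "bank.example": ("banking", "5umm3r#1"),
    "forum.example": ("social", "kX9-tq_Vb2.Lm!r8Zp#W"),
}
# Assumed similarity rules: case, leetspeak and trailing digits/symbols are ignored.
LEET = str.maketrans("0134578@$!", "oieastbasi")
PRIORITY = {"email": 0, "banking": 1}  # the article's order: email, banking, then the rest
ALPHABET = string.ascii_letters + string.digits + "-_.!@#%+"


def base_form(password):
    """Reduce a password to the stem that survives 'bump a number' edits."""
    stem = re.sub(r"[^a-z]+$", "", password.lower())
    # A password with no letters has no stem; compare it exactly instead.
    return stem.translate(LEET) or password


def accounts_to_change(vault, leaked):
    """Leaked account first, then every account with the same or a similar password."""
    target = base_form(vault[leaked][1])
    hits = [name for name, (_, pw) in vault.items() if base_form(pw) == target]
    return sorted(hits, key=lambda n: (n != leaked, PRIORITY.get(vault[n][0], 9), n))


def new_password(length=20):
    """Random password from the OS CSPRNG, unrelated to any old one."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotation_plan(vault, leaked):
    """Map each affected account, in priority order, to its own fresh password."""
    return {name: new_password() for name in accounts_to_change(vault, leaked)}


if __name__ == "__main__":
    for account, password in rotation_plan(VAULT, "shop.example").items():
        print(f"{account}: change to {password}")
```

The forum account is left alone because its password shares no stem with the leaked one; the other three are flagged even though no two of them are character-for-character identical.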


Step 3 — Turn on two-factor authentication

Once the password is changed, add a second lock. With two-factor authentication switched on, even a future leak of your password won't be enough to log in — an attacker would also need the code from your authenticator app or your hardware key. Prioritise your email account first (it can reset everything else), then banking and your password manager. Where you can choose, prefer an authenticator app or a hardware key over SMS codes, which are the weakest form of 2FA. It takes a couple of minutes per account and closes the door that a leaked password leaves open.

Step 4 — Watch your money and your inbox

  • Monitor financial accounts. Check bank and card statements for unfamiliar charges for at least a few months. Set up transaction alerts if your bank offers them.
  • Expect targeted phishing. Now that your details are out there, you'll likely see convincing scam messages. Treat every "secure your account" email as suspect and verify by opening the service yourself.
  • Freeze your credit if identity data leaked. If a Social Security number, government ID, or bank details were exposed, a credit freeze stops fraudsters opening new accounts in your name. It's free to place and lift.

The real long-term fix

Breaches at companies aren't something you can prevent — but you can make them harmless to you. The single change that matters most is a unique password for every account, so one leak never spreads. Remembering dozens of strong, random passwords by hand is impossible, which is why a password manager exists: it generates and stores them, fills them in for you, and many can monitor known breaches and tell you precisely which of your logins to change.

The bottom line

A breach is alarming, but the response is straightforward: check whether you're affected, change the leaked password and any you reused, turn on 2FA, and stay sharp for phishing and fraud. Then close the door for good by giving every account its own unique password through a manager. Do the urgent steps today, and the 2026 wave of breaches becomes a scare instead of a disaster. Next, learn how 2FA works and how attackers exploit reused logins in credential stuffing.
