What to Do After a Data Breach Notice

SSN exposure is the long game. Your Social Security number doesn't change. A fraudster who bought it in 2026 can try to use it in 2031. The steps below aren't optional maintenance — they're damage control with a very long tail.

0 of 6 steps completed

Do today

Freeze your credit — all three bureaus Equifax, Experian, and TransUnion. Separately. All free. A freeze stops new accounts from being opened in your name entirely — it's more effective than a fraud alert. Takes about 15 minutes total. Do this before anything else.

Check for an active settlement Many data breaches result in class action settlements. If yours did, there may be money waiting — see the section below for currently open claims.

This week

Enroll in the free monitoring the notice offers Take it — it costs you nothing. Just understand that monitoring tells you after fraud happens, not before. The credit freeze is the actual prevention. Monitoring is the backup alarm.

Pull your free credit reports annualcreditreport.com — the official one. Look for accounts you didn't open and inquiries you didn't authorize. Note anything unfamiliar.

Ongoing

File your taxes early next year Tax identity fraud — someone filing a return with your SSN before you do — is one of the more common downstream effects of SSN exposure. Filing early eliminates the window. You can always amend later if needed.

Set a 12-month calendar reminder Breach data doesn't expire. The fraud attempts often come months or years later, when you've forgotten about the notice. Set a reminder to check your credit report again. Your SSN is going to be out there for a while.

Financial account data moves faster than SSNs. Credit card numbers get sold and used quickly — often within days. The good news: they're also easier to cancel and replace than a Social Security number.

0 of 5 steps completed

Do today

Review your account statements for unauthorized transactions Log in and look. Fraudulent charges are often small at first — $1–$5 test transactions before larger ones. If you spot anything, report it to your bank immediately.

Request new card numbers for any exposed accounts Call your bank or card issuer and ask for replacement cards. The account and history stay the same — only the card number changes. It's free and takes a few days to arrive.

Check for an active settlement Financial data breaches frequently result in class action settlements. See the section below for open claims that may apply to you.

This week

Place a fraud alert or freeze your credit If the breach included your full name, address, and account details — enough to open new credit — a credit freeze at Equifax, Experian, and TransUnion is worth doing. A fraud alert is lighter and lasts one year.

Ongoing

Watch for targeted phishing attempts If the company knew your name and account details, attackers now do too. Expect emails or calls that reference your real account information to gain your trust. Legitimate institutions do not ask for passwords or full account numbers over email.

Medical data is the breach that keeps giving. You can cancel a credit card in five minutes. You cannot cancel your medical history, insurance ID, or Medicare number. Health data enables insurance fraud that can take years to surface — and often longer to untangle.

0 of 5 steps completed

Do today

Freeze your credit — all three bureaus Medical breaches often include SSNs alongside health data. A credit freeze at Equifax, Experian, and TransUnion blocks new accounts from being opened in your name. Free at all three.

Check for an active settlement Medical data breaches almost always produce class action settlements. See the section below — there may be an active claim you qualify for right now.

This week

Review your Explanation of Benefits statements Your insurer sends these after a claim is processed. Look for procedures, prescriptions, or visits you don't recognize. Medical identity fraud often shows up here first — not on your credit report.

Request a copy of your medical records You're entitled to these. Look for records of care you didn't receive — a sign someone used your identity to obtain treatment or prescriptions. This step is tedious but worth it if the breach involved detailed health records.

Ongoing

Set a 12-month calendar reminder Medical identity fraud surfaces slowly. Someone may use your information to rack up insurance charges over months before anything flags. Check your EOBs and credit annually — not just now.

Email and password breaches are credential-stuffing fuel. Attackers run your username and password combination against hundreds of other sites automatically. If you've reused that password anywhere — banking, email, shopping — go change it now, before you read anything else on this page.

0 of 5 steps completed

Do today

Change the exposed password everywhere you used it Every site. Not just the one that was breached. This is the single most important step for credential exposures. If you can't remember where you've used it, change your email and financial accounts first, then work outward.

Enable two-factor authentication on your email and bank accounts 2FA means that even if someone has your password, they can't get in without a second verification step. Your email account is the most critical — it's the reset mechanism for everything else.

Check for an active settlement Credential breaches often produce class action settlements, particularly when negligent security practices are involved. See the section below.

This week

Use a password manager going forward Password reuse is what makes credential breaches so damaging. A password manager generates and stores unique passwords per site. You only remember one. Most have free tiers.

Ongoing

Watch for targeted phishing using your real name Breached data includes enough context for attackers to craft convincing emails. If a message references your real account or personal details to seem legitimate — stop. Verify through the company's official site directly.

Multiple data types means maximum exposure. Start with the highest-risk items first. SSN or medical data first, then financial accounts, then credentials. Working methodically is better than panicking and doing nothing.

0 of 6 steps completed

Do today

Freeze your credit — all three bureaus Equifax, Experian, TransUnion. Free. Start here — it's the most effective single action available and takes about 15 minutes.

Change any exposed passwords immediately Especially on email and financial accounts. If you reused the password anywhere, change it everywhere.

Check for an active settlement Multi-category breaches typically result in the largest settlements. See the section below — there may be money waiting for you.

This week

Review financial accounts and request new card numbers Check statements for unauthorized transactions and request replacement card numbers for any exposed accounts.

Pull your free credit reports annualcreditreport.com — look for accounts or inquiries you don't recognize.

Ongoing

Set a 12-month calendar reminder and watch your EOBs Multiple data types means multiple fraud vectors — some of which surface slowly. Check your credit report, insurance statements, and account activity again in a year. The breach doesn't expire when the news cycle does.

The vagueness is intentional. Breach notices are drafted by legal teams managing the company's liability exposure at the same time they're informing you of a risk to yours. "May have been accessed" means it was. "Various personal information" means they'd rather not enumerate.

0 of 5 steps completed

Do today

Find out exactly what was exposed Go to the company's official website or call the number in the notice. Ask specifically: what categories of data were involved? Was my SSN included? Financial account numbers? Medical records? You're entitled to this information — push for a clear answer.

Freeze your credit as a precaution If you don't know what was taken, act as if the worst applies. A credit freeze costs nothing, can be lifted whenever you need it, and is the most effective protection available for identity fraud.

Check for an active settlement Even vague breach notices often produce class action settlements. See the section below — you may qualify regardless of which specific data type was involved.

This week

Pull your free credit reports annualcreditreport.com. Look for accounts or inquiries you don't recognize. This gives you a baseline to compare against going forward.

Ongoing

Watch your accounts for anything unusual Fraud from a breach often surfaces weeks or months after the incident — not immediately. Review your bank, credit, and insurance statements periodically. The inconvenience of checking is considerably less than the inconvenience of untangling fraud.

Active breach settlements you might qualify for

Many data breaches result in class action settlements. If your breach is on this list, there may be money you can claim. Settlement data updates automatically as deadlines change.

Loading active settlements…

Only showing settlements with open deadlines. Data pulled from eosguide's live settlement database.

Worth reading next

Explainer

What actually happens to your data after a breach

Where it goes, what it's worth, and what you can realistically do about it.

Reality Check

A data breach letter is a legal obligation, not a confession

What the letter isn't telling you — and what it's legally not required to say.

How-To

How to file a settlement claim without getting scammed

Real settlement notices and fake ones look almost identical. Here's how to tell them apart.

Get new breach settlements before the deadline expires.

Weekly digest of open settlements, delivered free. No spam — we have enough of that ourselves.

First: what did they get?

Active breach settlements you might qualify for

Worth reading next

Never Miss Out