A data breach means your personal information — email, password, credit card number, Social Security number, or all of the above — has been exposed. What you do in the first 24 hours determines how much damage you ultimately sustain. The window to prevent the worst outcomes is short, and the steps are specific.
In the first 24 hours after a breach: change your password on the affected account immediately, change it on any other account using the same password, freeze your credit at all three bureaus if financial or SSN data was exposed, and enable two-factor authentication on your most critical accounts. Speed matters — fraudsters act within hours of breach data going live.
Hour 1: Verify the Breach Is Real
Not every breach notification is legitimate — phishing emails impersonating breach notifications are common. Before clicking anything, go directly to the company's official website or check HaveIBeenPwned.com to verify independently. Do not click links in breach notification emails. Do not call phone numbers included in notification emails.
Hours 1-2: Change the Affected Password
Log into the affected account directly (type the URL — do not click email links) and change your password to something strong and unique. If you use a password manager, generate a new random password now. If you do not have one yet, this is the moment to set one up — Bitwarden is free and takes 20 minutes to set up.
Then check every other account where you use the same password or a variation of it. Change all of them. Credential stuffing attacks are automated — within hours of a breach, attackers are testing the exposed email/password combination against hundreds of other sites.
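One way to carry out the reuse check above from a password manager export, as an added example that is not part of the original article: it flags entries that share the breached password exactly or differ from it only by case, common character swaps, or leading and trailing digits and symbols. The CSV column names and all sample data are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample export. The column names (name, username, password)
# are assumed for this example; adapt them to your manager's CSV layout.
SAMPLE_EXPORT = """name,username,password
shop.example,ana@example.com,Sunshine2021!
bank.example,ana@example.com,sunshine2023
mail.example,ana@example.com,kV9#tq2LmZ!x8Rpw
forum.example,ana,Sunsh1ne!
photos.example,ana@example.com,Sunshine2021!
"""

# Common character swaps mapped back to letters (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("013457@$", "oieastas")


def stem(password: str) -> str:
    """Reduce a password to its base word: lowercase it, drop leading and
    trailing digits/symbols, then undo common swaps inside the word."""
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return trimmed.translate(LEET)


def find_reuse(export_csv: str, breached_password: str):
    """Return (exact, variants): entry names that reuse the breached
    password as-is, and entry names that use a variation of it."""
    target = stem(breached_password)
    exact, variants = [], []
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["password"] == breached_password:
            exact.append(row["name"])
        # Stems shorter than 4 letters (e.g. all-digit passwords) are too
        # generic to compare, so only exact matches count for those.
        elif len(target) >= 4 and stem(row["password"]) == target:
            variants.append(row["name"])
    return exact, variants


if __name__ == "__main__":
    exact, variants = find_reuse(SAMPLE_EXPORT, "Sunshine2021!")
    print("Same password, change now:", exact)
    print("Variation of it, change too:", variants)
```

A vault export is plaintext, so run a check like this only on your own machine and delete the export file as soon as you are done.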
Hours 2-4: Enable Two-Factor Authentication
On the breached account and on your email account (most important), enable two-factor authentication now. Use an authenticator app — Google Authenticator, Authy — rather than SMS wherever possible. The YubiKey 5 NFC (~$50) provides the strongest protection for accounts that support hardware keys, including Gmail and most major financial services.
Hours 4-8: Freeze Your Credit (If Financial or SSN Data Was Exposed)
If the breach exposed your Social Security number, date of birth, or financial account information, freeze your credit at all three bureaus. A freeze prevents any new credit from being opened in your name. It is free, takes about 10 minutes total, and does not affect your existing accounts.
Freeze all three. A freeze at one bureau does not protect the others.
Hours 8-24: Monitor and Report
Check your financial accounts for unauthorized transactions. Place a fraud alert with one bureau (it automatically notifies all three) if you prefer a lighter-touch option to a full freeze. File a report at IdentityTheft.gov if your SSN was exposed — this creates an official record and generates a personal recovery plan.
For a complete SSN compromise recovery guide, read our Social Security Number Stolen: Complete Recovery Plan.
Transparency: Some links in this post are affiliate links. If you purchase through them, Silent Security.net earns a small commission at no additional cost to you. We only recommend products we would suggest to our own families. Our editorial opinions are never influenced by affiliate relationships.