With the rise in cyber-attacks worldwide, you’ve likely received more than one notification from a company you work with informing you that your data has been compromised in a breach. While there are steps, we can take as consumers to protect ourselves, sometimes we can’t control when a company that promised to protect our personal data gets hacked.

In 2023, Statista reported that 52% of all global organization breaches involved customers’ personally identifiable information (PII), making your personal data – addresses, numbers, names, birth dates, SSNs, etc. – the most commonly breached type of data. A recent example is ChangeHealthcare, which was breached in February of this year. Due to the breach, it’s estimated that one-third of Americans – possibly including you – had sensitive information leaked onto the dark web.

So now what? What do you do when you receive a letter in the mail from your health care provider or favorite retail store admitting, “Whoops, we got breached.” It’s more than upsetting to think that your data is now in the hands of criminals.

When sensitive information leaks, you’ll have to do some recon to protect your accounts from suspicious activity. Follow these seven steps to stop the bleeding after a company fails to protect your data from being compromised.

What To Do After Your Data’s Been Leaked

1. First, make sure the breach is legit.
One ploy that hackers use to get our data is to impersonate popular companies and send out fake e-mails or letters about an alleged breach. Whenever you get a notification like this, go to the company’s website or call the company directly. Do NOT use information in the letter or e-mail because it could be fake. Verify that the company was hacked and which of your data may have been compromised. Try to get as much information as possible from the company about the breach. When did it happen? Was your data actually impacted? What support is the company offering its customers to mitigate the breach? For example, some companies offer yearlong free credit monitoring or identity fraud prevention.

2. Figure out what data was stolen.
After speaking directly with the company, determine what data was stolen. Credit cards can be easily replaced; Social Security numbers, not so much. You’ll want to know what was compromised so you can take the necessary steps to monitor or update that information.

3. Change passwords and turn on MFA.
After a breach, you’ll want to quickly update to a new, strong password for the breached account and any account with the same login credentials. Additionally, if you see an option to log out all devices currently logged in to your account, do that.

While you’re doing that, make sure you have multifactor authentication turned on in your account or privacy settings so that even if a hacker has your login, they can’t access your account without your biometric data or a separate code.

4. Monitor your accounts.
Even after changing your passwords, you should keep a close eye on any accounts linked to the breach. Watch out for any account updates or password changes you didn’t authorize. They may be a sign of identity theft. If your credit card number was stolen, pay attention to your bank and financial accounts and look for unusual activity, such as unexpected purchases.

5. Report it.
If you’re not sure a company knows it’s been breached or you’ve experienced fraud due to a breach, report it to relevant authorities like local law enforcement or the Federal Trade Commission. They can provide guidance and next steps on how to protect your identity.

6. Be aware of phishing attempts.
Often, after data leaks, hackers use the information about you they stole to send you phishing e-mails or calls to trick you into giving away even more sensitive information. Be very wary of any e-mails you weren’t expecting, especially those that request personal or financial information, and avoid clicking on any links or attachments.

7. Consider identity theft and data breach protection.
Consider identity theft protection after a breach, especially when highly sensitive data is stolen, like your SSN. It’s a time-consuming process to replace a Social Security card. In the meantime, criminals could be using it to impersonate you. Identity theft and data breach protection help monitor your credit or other accounts, protect your identity, and notify you when your data appears on the dark web.

While companies are responsible for protecting customer information, breaches can and will still occur. By following the steps above, you can minimize a breach’s impact on your life. Ultimately, we must all contribute to protecting our information in an increasingly risky digital world.