You got a breach letter. Here's what it actually means.
Companies are legally required to notify you when your data is exposed. Most offer free credit monitoring—but that's the minimum response, not comprehensive protection. Here's what to actually do.
First: What data was exposed?
Your response should match what was compromised. Check your letter carefully—it should list the specific data types affected.
Act immediately: Full protections warranted
Act soon: Freeze recommended + enable 2FA
Stay vigilant: Watch for phishing, consider freezing
Combinations matter
Data types are more dangerous together. Name + DOB + address is enough for some fraud. Email + password means immediate password changes everywhere you reused it. SSN + anything else is high priority regardless of the other data.
Tier 1: Essential (Do These First)
Complete these within 24-48 hours of receiving your notification.
Read the letter carefully
5 min, Easy
Identify exactly what data was exposed. This determines your response. Look for:
- Type of data compromised (SSN, financial info, passwords, etc.)
- Date of the breach (how long your data may have been exposed)
- What the company is offering (usually credit monitoring)
Freeze your credit at all three bureaus
30 min, Easy
This is the single most effective step. Freezes are free and prevent new accounts from being opened in your name.
Save your PINs securely—you'll need them to temporarily lift freezes later.
Set up IRS Identity Protection PIN
15 min, Easy (If SSN was exposed)
Prevents someone from filing a fraudulent tax return in your name.
Create your Social Security online account
10 min, Easy (If SSN was exposed)
If you don't claim your account, someone else might. This also lets you monitor for suspicious activity.
Tier 2: Recommended
Complete these within the first week.
Freeze ChexSystems
10 min, Easy
Prevents fraudulent bank accounts from being opened in your name.
Set up USPS Informed Delivery
5 min, Easy
Get email previews of incoming mail. Helps you spot if someone changed your address or is receiving mail in your name.
Enable two-factor authentication on financial accounts
20 min, Easy
Add 2FA to your bank, credit cards, investment accounts, and email. Use an authenticator app over SMS when possible.
Review recent statements
15 min, Easy
Check your credit card and bank statements for unauthorized charges. Report anything suspicious immediately.
Tier 3: Optional / Ongoing
Nice to have, but lower priority than the steps above.
Accept the free monitoring they offered
10 min, Easy
It's supplementary protection, not your primary defense. Worth having, but remember: it only alerts you after fraud occurs.
Set up free ongoing monitoring
15 min, Easy
Use Credit Karma or similar for ongoing credit monitoring. See our free monitoring guide.
Consider freezing specialty bureaus
30 min, Moderate
LexisNexis, NCTUE (utilities), and others. See our additional protections guide.
Set up annual credit report review
5 min, Easy
You're entitled to free credit reports from each bureau annually.
Why this order?