Breach Response Kit

Step-by-step response plan for data breaches, account compromises, and security incidents.

Back to Tools

Immediate Response Actions

If you discover or suspect a data breach or account compromise, follow this systematic response plan immediately.

First 15 Minutes: Critical Actions

These actions must be taken immediately upon discovering a breach.

Step 1: Contain the Damage (0-15 minutes)

1

Change Compromised Passwords

Immediately change passwords for the affected account and any accounts using the same password.

2

Enable Two-Factor Authentication

If not already enabled, activate 2FA on the compromised account immediately.

3

Review Account Activity

Check recent login activity, transactions, and changes made to account settings.

4

Log Out All Sessions

Use account settings to force logout from all devices and locations.

5

Secure Your Email

If email was compromised, change password immediately and check forwarding rules.

Step 2: Assess the Breach (15-60 minutes)

Identify What Was Compromised

Determine what information was accessed: passwords, financial data, personal information, documents.

Check for Unauthorized Changes

Look for new email addresses, phone numbers, recovery options, or security settings changes.

Review Connected Accounts

Check all accounts that use the same credentials or are linked to the compromised account.

Document Everything

Take screenshots of suspicious activity, note dates/times, and save all evidence.

Step 3: Financial Account Response (Immediate)

$

Contact Financial Institutions

Call banks and credit card companies immediately to report the breach and freeze accounts if needed.

$

Monitor Accounts

Check all transactions for unauthorized activity. Set up transaction alerts.

$

Request New Cards

If payment card information was compromised, request new cards with new numbers.

$

Place Fraud Alert

Contact one credit bureau to place a fraud alert (automatically notifies other two bureaus).

Step 4: Report the Breach (First 24 hours)

Platform/Service

Report the breach to the affected platform's security team through their official channels.

Credit Bureaus

Equifax: 1-800-525-6285
Experian: 1-888-397-3742
TransUnion: 1-800-680-7289

Federal Trade Commission

File report at IdentityTheft.gov or call 1-877-ID-THEFT (438-4338)

Local Police

File police report, especially if financial loss occurred. Get report number for records.

Step 5: Identity Theft Prevention (Days 1-7)

Order Credit Reports

Get free reports from AnnualCreditReport.com and review for fraudulent accounts.

Consider Credit Freeze

Place security freeze on credit reports to prevent new account openings.

Notify Employers

If work email or credentials were compromised, inform your IT department immediately.

Alert Contacts

Warn friends, family, and colleagues that your account was compromised to prevent phishing.

Step 6: System Security Audit (Week 1)

Run Malware Scan

Perform full system scan with updated antivirus on all devices that accessed the account.

Update All Software

Install all operating system, browser, and application updates immediately.

Review Browser Extensions

Remove suspicious browser extensions that could have captured credentials.

Check Network Security

Change Wi-Fi password, update router firmware, review connected devices.

Step 7: Password Security Overhaul (Week 1-2)

Audit All Passwords

Identify all accounts using the compromised password or similar variations.

Deploy Password Manager

If not already using one, set up a password manager immediately.

Generate New Passwords

Replace all passwords with unique, randomly generated strong passwords.

Enable 2FA Everywhere

Activate two-factor authentication on all accounts that support it.

Step 8: Ongoing Monitoring (Months 1-12)

Weekly (First Month)

Check financial accounts daily, monitor credit reports weekly

Monthly (Months 2-6)

Review credit reports, check for suspicious account activity

Quarterly (Months 7-12)

Full credit report review, update security measures

Annual Review

Complete security audit, consider identity theft protection service

Breach Response Contacts

Essential Contact Numbers

  • FTC Identity Theft Hotline: 1-877-438-4338
  • Equifax: 1-800-525-6285
  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289
  • Social Security Fraud Hotline: 1-800-269-0271

Prevention for Future

  • Use unique passwords for every account with password manager
  • Enable two-factor authentication on all accounts
  • Regularly update software and operating systems
  • Use antivirus software and keep it updated
  • Be cautious with emails, links, and attachments
  • Monitor financial accounts and credit reports regularly
  • Use VPN on public Wi-Fi networks
  • Keep personal information off social media