You've received an email saying a service you use has been breached, or you've seen it in the news. What do you actually do? Here's an exact step-by-step response, in priority order.
In the first 30 minutes
1. Change the breached password immediately
Go to the affected service and change your password to a new, unique, randomly generated one. Don't reuse anything you've used before, and don't make a small variation of the old one (attackers try those first). If you can still log in, do it now; if not, use the "Forgot password" flow. While you're there, check that the recovery email and phone number on the account are still yours, and use the "sign out of all devices" option if the service has one, so the password change actually evicts anyone who is already logged in.
2. Change it everywhere you reused it
This is the painful part. Attackers take leaked email/password pairs and try them against hundreds of other sites automatically (credential stuffing), so every account where you reused that password should be treated as compromised too. Log into each one and change it to its own unique password. This is also the situation a password manager exists to prevent: one password per site means one breach stays one breach.
3. Enable 2FA on the breached account
If the service offers 2FA and you don't have it enabled, enable it now. Even if attackers later get hold of your new password, they can't log in without the second factor. Prefer an authenticator app or a hardware security key over SMS codes, which can be intercepted by SIM swapping, and store the backup codes somewhere safe (your password manager is fine).
In the first 24 hours
4. Check what data was exposed
Read the breach notification carefully. What was actually taken? Passwords? Payment card numbers? Address? Social Security number? The type of data determines your next steps. "Hashed passwords" still counts as passwords: weak or unsalted hashes of common passwords are cracked offline almost immediately, so assume yours is known unless it was long and random. If payment cards were exposed, notify your bank and ask for a replacement card. If government ID numbers were exposed, consider a credit freeze.
5. Watch for phishing follow-ups
Attackers use breach data to craft convincing phishing emails, and a message that already knows your name, address, or the last four digits of your card looks legitimate. In the days after a breach, you may receive emails pretending to be the affected service asking you to "verify your account" or "confirm your new password." Don't click links in these emails: hover to see where a link really goes, then navigate to the site yourself by typing the URL or using a bookmark. A real breach notice never asks you for your password.
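The two tricks above (link text that shows one address while the href points somewhere else, and a lookalike domain) can be checked mechanically. The script below is an added example, not part of the original article: it pulls every link out of a constructed sample email, compares what the link displays with where it actually goes, and flags targets outside the service's real domain. The domain `example-service.com` and the email body are assumptions made up for the example.

```python
"""Flag links in a breach-follow-up email whose visible text and real target disagree.

Added example, not from the original article. The legitimate domain and the
email body below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domain the real service uses for logins.
LEGIT_DOMAINS = {"example-service.com"}

# Constructed sample: a phishing email mimicking a breach notification.
# Link 1 hides the real domain behind a long subdomain; link 2 uses a capital
# "I" in place of "l" and shows a different URL as its text; link 3 is genuine.
SAMPLE_EMAIL_HTML = """
<p>We detected a security incident. Please
<a href="https://example-service.com.verify-login.net/reset">verify your account</a>
at <a href="http://exampIe-service.com/login">https://example-service.com/login</a>.</p>
<p>Questions? Visit <a href="https://example-service.com/help">our help centre</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the email."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Hostname of a URL, tolerating text that omits the scheme."""
    parsed = urlparse(url_or_text if "://" in url_or_text else "https://" + url_or_text)
    return parsed.hostname or ""


def registrable_domain(host):
    """Last two labels of a hostname; good enough for .com-style domains."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def assess_link(href, text):
    """Return the reasons this link looks suspicious (empty list if it looks fine)."""
    reasons = []
    target = registrable_domain(host_of(href))
    if target not in LEGIT_DOMAINS:
        reasons.append(f"target domain {target!r} is not the service's domain")
    # Display text that looks like a URL but resolves to a different domain.
    if "." in text and " " not in text:
        shown = registrable_domain(host_of(text))
        if shown != target:
            reasons.append(f"shows {shown!r} but goes to {target!r}")
    if urlparse(href).scheme == "http":
        reasons.append("plain http, not https")
    return reasons


def triage_email(html):
    """List every link in the email with its verdict."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, assess_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in triage_email(SAMPLE_EMAIL_HTML):
        verdict = "; ".join(reasons) if reasons else "looks genuine"
        print(f"{text!r} -> {href}: {verdict}")
```

The lookalike in link 2 is caught only because the hostname is lowercased before comparison, which turns the capital "I" into an "i" and makes the mismatch visible; the two-label `registrable_domain` shortcut is enough here but would need a public-suffix list for domains such as `.co.uk`.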
⚠️ Credit freeze for serious breaches: If your Social Security number, date of birth, or financial account numbers were exposed, place a credit freeze with all three major bureaus (Equifax, Experian, TransUnion). This stops anyone from opening new credit in your name until you lift the freeze; in the US it is free and can be lifted temporarily when you apply for credit yourself. A freeze does nothing for accounts that already exist, so exposed card or account numbers still need a call to the bank.
Longer term
Use this breach as motivation to do the security housekeeping you've been putting off: install a password manager, audit your passwords for reuse and for ones that appear in known breaches, enable 2FA on all important accounts, and check haveibeenpwned.com for other exposures you may have missed (and sign up for its notifications so you hear about the next one promptly).
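Steps 1 and 2 (generate a fresh random password, then find every other site sharing the breached one) and the password audit above are the same small exercise over whatever your password manager exports. The script below is an added example, not the article's or any password manager's code: it takes a constructed four-entry vault, reports reuse, lists which sites must be rotated when one site is breached, checks each password against the Have I Been Pwned Pwned Passwords range API using its k-anonymity scheme (only the first five hex characters of the SHA-1 hash are sent), and generates replacements with the OS CSPRNG. The vault contents and the sample range response are constructed; `offline_lookup` stands in for the network call so the example runs without internet access.

```python
"""Audit a credential list for reuse and for passwords seen in known breaches.

Added example, not from the original article. The vault and the range reply
are constructed; the real endpoint is
https://api.pwnedpasswords.com/range/<first five hex chars of SHA-1>.
"""
import hashlib
import secrets
import string
import urllib.request
from collections import defaultdict

# Constructed sample vault: (site, username, password).
VAULT = [
    ("shop.example", "alice", "Summer2019!"),
    ("mail.example", "alice", "Summer2019!"),
    ("bank.example", "alice", "kx7#Qw9pL2mN"),
    ("forum.example", "alice", "password"),
]

# Constructed stand-in for the reply to GET .../range/5BAA6 (the prefix for
# "password"). A real reply has hundreds of lines in the same SUFFIX:COUNT form;
# the first suffix is the real one, the other two are made up.
SAMPLE_RANGES = {
    "5BAA6": """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:1
""",
}


def find_reuse(vault):
    """Map each password used on more than one site to the sites sharing it."""
    by_password = defaultdict(list)
    for site, _user, pw in vault:
        by_password[pw].append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def sites_to_rotate(vault, breached_site):
    """Step 2 of the article: every site sharing the breached site's password."""
    breached = {pw for site, _user, pw in vault if site == breached_site}
    return sorted(site for site, _user, pw in vault if pw in breached)


def hibp_prefix_suffix(password):
    """k-anonymity split: only the 5-character prefix ever leaves your machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def offline_lookup(prefix):
    """Stand-in for the range API using the constructed sample above."""
    return SAMPLE_RANGES.get(prefix, "")


def online_lookup(prefix):
    """Real lookup (not exercised here): fetch the range for a hash prefix."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, lookup=offline_lookup):
    """How many times `password` appears in the breach corpus (0 if absent)."""
    prefix, suffix = hibp_prefix_suffix(password)
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def audit(vault, lookup=offline_lookup):
    """Per-site findings: reused passwords and passwords seen in breaches."""
    reused = find_reuse(vault)
    findings = {}
    for site, _user, pw in vault:
        issues = []
        if pw in reused:
            issues.append("reused on: " + ", ".join(s for s in reused[pw] if s != site))
        n = breach_count(pw, lookup)
        if n:
            issues.append(f"seen {n} times in breach corpora")
        if issues:
            findings[site] = issues
    return findings


def generate_password(length=20):
    """Replacement password from the OS CSPRNG (secrets), never random.random()."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for site, issues in audit(VAULT).items():
        print(f"{site}: {'; '.join(issues)} -> new password {generate_password()}")
    print("breached shop.example, rotate:", sites_to_rotate(VAULT, "shop.example"))
```

Swap `offline_lookup` for `online_lookup` to query the live service; because the lookup sends only the hash prefix and the suffix comparison happens locally, the service never learns which password you checked.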
✅ Breach response checklist: Change breached password → change it everywhere reused → enable 2FA → identify what was exposed → watch for phishing → credit freeze if financial data was taken → install a password manager so this never cascades again.