Immediate priorities: a short checklist

  1. Confirm the breach and scope. Read any notices from the company or institution that was breached; they should explain what data was exposed and who to contact. Keep that notice for records. (For general guidance, see the FTC’s steps after a breach: https://www.consumer.ftc.gov/features/feature-0014-identity-theft.)
  2. Secure critical accounts right away: email, bank, credit cards, and any accounts used to reset passwords. Change passwords and enable two‑factor authentication (2FA).
  3. Place a fraud alert or freeze your credit depending on the exposure (details below).
  4. Monitor statements and credit reports closely for new accounts or unusual activity.
  5. Document everything: dates, phone calls, names, emails, and reference numbers.

What to change first (and how)

  • Email: If attackers have access to your email, they can reset passwords elsewhere. Use a different device (not the one that may be compromised) to change your email password to a long, unique passphrase and enable 2FA (preferably an authenticator app or hardware token).
  • Financial accounts: Log in to bank and credit card accounts and review recent transactions. Report unauthorized charges immediately to the card issuer or bank.
  • Passwords: Do not reuse passwords. Use a password manager to create and store unique passwords.

In my experience helping clients after breaches, securing the primary email and any financial logins cuts off attackers’ quickest path to further harm.

Fraud alert vs. credit freeze — which should you do first?

  • Fraud alert: Notifies lenders to take extra steps to verify identity before opening new credit. An initial fraud alert typically lasts one year and is free; an extended fraud alert can last up to seven years if you provide an identity theft report. Place an alert by contacting one of the three major credit bureaus (Equifax, Experian, TransUnion); that bureau must notify the other two. (FTC / IdentityTheft.gov guidance.)

  • Credit freeze: Prevents new creditors from accessing your credit report, which stops most new account openings. Freezes are available to consumers at no cost and remain active until you lift them. If a breach exposed your Social Security number or you see clear signs of identity theft, a freeze is usually the stronger protection. (Read more practical steps on freezes: https://finhelp.io/glossary/how-to-secure-a-fraud-alert-and-credit-freeze/.)

If you’re unsure, place a fraud alert immediately (fast to set up) and follow up with a credit freeze within a few days if the exposed data included your SSN or financial account numbers. In urgent cases, I advise freezing credit the same day.

Reporting and documentation

  • File a report with IdentityTheft.gov and use its recovery plan tools; this creates a recovery affidavit you can use to prove identity theft to lenders and bureaus (https://www.identitytheft.gov).
  • Report the breach or fraud to the FTC; the site lists steps and sample letters.
  • File a police report if you have evidence of identity theft or significant financial loss. Some creditors and bureaus require a police report to remove fraudulent accounts.
  • Keep a chronological file (digital and paper) of all correspondence, statements, and report numbers.

What to monitor and for how long

  • Account statements: Check daily for the first 30–90 days, then weekly for at least a year. Criminals may wait months to use your data.
  • Credit reports: Request free copies from AnnualCreditReport.com; check each bureau’s report for unfamiliar accounts or inquiries. After a breach, check every 30–60 days for at least a year.
  • Dark web and breach-monitoring alerts: Consider reputable identity monitoring services for additional alerts, but don’t rely on them as your only protection.

Disputing fraudulent charges and accounts

  1. For unauthorized transactions on cards, contact the issuer immediately and follow their fraud dispute process. Federal law limits consumer liability for credit card fraud if reported promptly.
  2. For fraudulent accounts opened in your name, use the IdentityTheft.gov recovery plan to create a dispute letter and sample forms to send to creditors and credit bureaus.
  3. Send dispute letters by certified mail when possible and keep copies of everything.

Lock down other identity points

  • Social Security Number: If your SSN was exposed, consider filing an identity theft report and adding an extended fraud alert. In extreme cases consult a lawyer about placing additional administrative protections.
  • Passport and driver’s license: If IDs were stolen, contact the issuing agency to learn replacement steps and whether you should notify law enforcement.
  • Medical information: If health records were breached, monitor Explanation of Benefits (EOBs) and health insurer accounts for suspicious activity.

Practical steps and timing summary

  • Immediately (same day): Secure email and financial accounts; change passwords; enable 2FA.
  • Within 24–48 hours: Place a fraud alert and review recent transaction history; contact banks/issuers about suspicious charges.
  • Within 72 hours: Consider a credit freeze if SSN or account numbers were exposed; file reports with IdentityTheft.gov and document everything.
  • Ongoing (30+ days): Monitor credit reports and account statements; dispute fraudulent items; follow recovery plan steps until fully resolved.

For detailed how-to guidance on freezing and managing credit, FinHelp’s guides are practical: How to Secure a Fraud Alert and Credit Freeze and Protecting Your Credit When a Company Data Breach Occurs.

Common mistakes I see (and how to avoid them)

  • Waiting to act: Even a 24–48 hour delay can let thieves open accounts. Act the same day you learn of a breach.
  • Focusing only on bank cards: Credit accounts, utility accounts, tax identity, and medical accounts can all be targets.
  • Reusing passwords: One breach can domino into others. Use unique passwords and a password manager.
  • Assuming monitoring services are a complete fix: They help, but you still must respond to alerts and freeze or dispute accounts when necessary.

When to get professional help

If the breach leads to ongoing identity theft, large financial loss, or fraud that affects your credit profile, consider:

  • Speaking with a certified financial planner or credit counselor to prioritize recovery actions.
  • Consulting a consumer protection attorney if fraud is complex, such as tax identity theft or synthetic identity fraud.

In my practice I’ve escalated several cases to legal counsel when clients faced persistent fraud across multiple creditors—legal help can be essential for complex, multi-jurisdictional fraud.

Privacy and prevention tips going forward

  • Use a password manager and enable 2FA for all important accounts.
  • Limit sharing of your SSN; ask why an organization needs it and if alternatives exist.
  • Shred sensitive documents and set up secure mail handling.
  • Keep software and devices up to date; apply patches and use reputable antivirus software.
  • Regularly review your credit reports (free at AnnualCreditReport.com) and sign up for bank/text alerts for transactions.

Sources and further reading

Professional disclaimer: This article is educational and reflects common best practices and my experience in personal finance and identity recovery. It is not legal advice. For tailored legal or financial guidance, consult a qualified professional.

If you’d like a one-page printable checklist or sample dispute letter formatted for mail, I can provide templates to save or print.