Getting a breach notification email is alarming. Your instinct is probably to change your password and hope for the best. That's a start, but it's not enough — and the next 48 hours are more important than most people realize.
First: Understand what was actually exposed
Not all breaches are equal. A breach that exposed your email address and username is very different from one that exposed your password, home address, financial information, or Social Security number. Every breach notification should tell you what data was compromised; read it carefully before doing anything else.
If your password was exposed
Change it immediately — not just on the breached site, but on every other site where you use the same password or a similar one. Password reuse is how one breach becomes five. Use a password manager to generate and store unique passwords for every site. If you don't have one, 1Password, Bitwarden, and Dashlane are all solid options.
Enable two-factor authentication on every account that supports it, especially email, banking, and social media. SMS-based 2FA is better than nothing, but an authenticator app (Google Authenticator, Authy) is significantly more secure.
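One way to find those other accounts, as an added example that is not part of the original article: it reads a password-manager CSV export and lists the sites whose password matches the breached site's exactly, or differs only by leading or trailing digits and symbols. The column names, the sample rows and the `stem` similarity rule are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample export; real column names differ between password managers.
SAMPLE_EXPORT = """name,username,password
shop.example,ana@example.com,Sunflower2021!
forum.example,ana,sunflower2022
bank.example,ana@example.com,kV9#tq2LmZ-p8wRx
mail.example,ana@example.com,Sunflower2021!
news.example,ana@example.com,Harbor!Bridge77
"""


def stem(password):
    """Lowercase and strip leading/trailing digits and symbols,
    so 'Sunflower2021!' and 'sunflower2022' both become 'sunflower'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def accounts_to_rotate(export_csv, breached_site):
    """Return (exact, similar): other sites sharing the breached password."""
    rows = list(csv.DictReader(io.StringIO(export_csv)))
    breached = next((r for r in rows if r["name"] == breached_site), None)
    if breached is None:
        raise ValueError(f"{breached_site} not found in export")
    base = stem(breached["password"])
    exact, similar = [], []
    for row in rows:
        if row["name"] == breached_site:
            continue
        if row["password"] == breached["password"]:
            exact.append(row["name"])
        # An empty stem (all digits or symbols) is never treated as a match.
        elif base and stem(row["password"]) == base:
            similar.append(row["name"])
    return exact, similar


if __name__ == "__main__":
    exact, similar = accounts_to_rotate(SAMPLE_EXPORT, "shop.example")
    print("Same password:", exact)
    print("Similar password:", similar)
```

A CSV export holds every credential in plaintext, so run this locally and delete the export file when you are done.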
If your email address was exposed
Your email address alone enables phishing attacks. In the weeks after a breach, expect an increase in suspicious emails — offers that seem too good, password reset requests you didn't initiate, urgent messages claiming to be from your bank or a service you use. Be more skeptical than usual. When in doubt, go directly to the website rather than clicking links in emails.
If your financial information was exposed
Contact your bank or credit card company immediately. Request new card numbers. Place a fraud alert with the three major credit bureaus (Equifax, Experian, TransUnion). This is free and requires creditors to verify your identity before opening new accounts. If the breach included your Social Security number, consider a credit freeze, which is more restrictive but provides stronger protection.
If your home address or phone number was exposed
This data feeds directly into data broker databases. Within weeks of a breach, your address and phone number can appear on people-search sites even if they weren't there before. This is the time to proactively audit and remove your information from broker sites before it spreads further.
The longer-term reality
Once your data has been in a breach, it doesn't disappear. Breach data gets sold on dark web markets, compiled into larger datasets, and redistributed for years. The steps above minimize your immediate risk, but the exposed information remains in circulation. Ongoing monitoring is the only way to catch when it surfaces somewhere new.
Check your credit report quarterly through annualcreditreport.com. Monitor your email address through HaveIBeenPwned's free alert system. And audit your search results periodically to catch new broker listings or content that appears using your exposed data.