What to Do After a Data Breach

Confirm the Breach Is Genuine

Before taking any action, verify that the breach notification you received is legitimate. Scammers frequently send fake breach notifications as phishing attacks, designed to trick you into clicking malicious links or entering your credentials on fraudulent websites. Do not click any links in the notification email or message.

Instead, go directly to the affected company's website by typing the address into your browser. Check their official communications channels, social media accounts, and press releases for confirmation. You can also check Have I Been Pwned to see whether your email address appears in the reported breach. This free service, run by security researcher Troy Hunt, aggregates data from confirmed breaches and lets you check your exposure.
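Have I Been Pwned also exposes its Pwned Passwords data through a k-anonymity range API, which is how a password manager or a breach-response script can check a password without ever sending it anywhere. The example below is added here to illustrate that model; it is not code from the page or from the Have I Been Pwned project. It hashes the password with SHA-1, sends only the first five hex characters of the hash to the real `https://api.pwnedpasswords.com/range/` endpoint, and compares the remaining 35 characters against the suffixes returned. The `SAMPLE_RANGE_5BAA6` text and its counts are constructed so the offline functions run without network access; only `check_password_live` contacts the service.

```python
import hashlib
import urllib.request

# Constructed stand-in for a Pwned Passwords range response: one
# "<35-hex-char suffix>:<count>" entry per line. The counts are made up;
# the middle suffix is the real SHA-1 tail of the string "password".
SAMPLE_RANGE_5BAA6 = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456
2F9B6F5A3C1E0D7B4A8C9E2F1D0B3A4C5E6:7
"""


def split_sha1(password: str) -> tuple:
    """Return (prefix, suffix): the first 5 and last 35 hex chars of SHA-1(password).

    Only the prefix leaves the device; the suffix is matched locally.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_text: str) -> int:
    """Scan a range response and return the breach count for our suffix (0 if absent)."""
    for line in range_text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # tolerate blank or malformed lines
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password_offline(password: str, range_text: str) -> int:
    """Check a password against a range response already in hand (no network)."""
    _prefix, suffix = split_sha1(password)
    return count_in_range(suffix, range_text)


def fetch_range(prefix: str) -> str:
    """Fetch the real range response for a 5-char prefix (network access required)."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "breach-response-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password_live(password: str) -> int:
    """Full k-anonymity check: send the prefix only, match the suffix locally."""
    prefix, suffix = split_sha1(password)
    return count_in_range(suffix, fetch_range(prefix))


if __name__ == "__main__":
    # Offline demonstration using the constructed sample above.
    hits = check_password_offline("password", SAMPLE_RANGE_5BAA6)
    print("seen in breaches" if hits else "not in sample", hits)
```

A non-zero count means the password has appeared in a published breach and should be treated as burned regardless of whether the account that used it was the one named in the notification.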

Change Your Passwords Immediately

Start with the account that was directly affected by the breach. Create a new, strong, unique password that you have never used before. If you used the same password on any other accounts, change those immediately as well, giving each one a distinct password.

Prioritise the following accounts:

  • Email accounts: Your email is the gateway to every other service, since most password resets are sent via email.
  • Banking and financial services: Protect your money and financial data first.
  • Social media platforms: Including your KF.Social account, to prevent impersonation.
  • Any account using the same password: Even seemingly low-value accounts can be used as stepping stones to more important ones.

This is the right time to set up a password manager if you do not already use one. A password manager generates and stores unique passwords for every account, eliminating the risk of password reuse.

Enable Two-Factor Authentication

If you have not already enabled two-factor authentication (2FA) on your accounts, do so now. Use an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy rather than SMS-based verification, which is vulnerable to SIM swapping attacks. With two-factor authentication, an attacker who obtains your password still cannot sign in without the second verification step.

Check Your Financial Accounts

Review your bank statements, credit card transactions, and any other financial accounts for unauthorised activity. Look for:

  • Transactions you do not recognise, no matter how small. Criminals often test stolen financial details with small purchases before making larger ones.
  • New direct debits or standing orders you did not set up.
  • Changes to your account details, such as address or contact information, that you did not make.

If you find suspicious activity, contact your bank or card provider immediately. They can freeze your account, reverse fraudulent transactions, and issue new cards. Under UK banking regulations, you are generally protected against unauthorised transactions provided you report them promptly.

Freeze Your Credit

A credit freeze, sometimes called a credit lock, prevents new credit applications from being processed in your name. This stops criminals from opening bank accounts, taking out loans, or obtaining credit cards using your stolen identity. Contact the three main UK credit reference agencies to place a freeze:

  • Experian
  • Equifax
  • TransUnion

Each agency operates independently, so you must contact all three. A credit freeze does not affect your existing accounts or your credit score. You can lift the freeze temporarily when you need to apply for legitimate credit.

Monitor Your Identity

In the weeks and months following a breach, remain vigilant for signs that your data is being misused:

  • Set up alerts with your bank for any transactions above a certain threshold.
  • Register with a credit monitoring service to receive notifications of changes to your credit file.
  • Watch for unexpected post, particularly letters from financial institutions you have no relationship with, or notifications about accounts you did not open.
  • Be alert to phishing attempts. Criminals who have your personal data from a breach may use it to craft highly convincing phishing messages that reference specific details about you.

Report the Breach

Reporting a breach creates an official record and may contribute to wider investigations. You should consider reporting to the following bodies:

  • The ICO: If you believe an organisation has failed to protect your data adequately, you can report the breach to the Information Commissioner's Office. The ICO is the UK's independent body responsible for enforcing data protection legislation.
  • Action Fraud: If you have suffered financial loss or believe your identity is being used fraudulently, report it to Action Fraud, the UK's national reporting centre for fraud and cybercrime.
  • Your bank: Report any suspicious activity directly to your financial providers.

Data Breach Compensation

Under UK GDPR and the Data Protection Act 2018, you may be entitled to compensation if an organisation's failure to protect your data has caused you material damage (financial loss) or non-material damage (emotional distress). The ICO can investigate and take enforcement action against organisations, although compensation claims are typically pursued through the courts or specialist solicitors.

Before pursuing a claim, document everything: the breach notification, any financial losses, time spent resolving the issue, and the emotional impact. This evidence strengthens your position whether you pursue a claim independently or through a solicitor.

Taking decisive action in the first hours and days after a breach makes a significant difference. The faster you secure your accounts and alert the relevant authorities, the more limited the potential damage will be.