TechFor60s
Safety & Securitybeginner

Your Data Was Breached — Here Is Exactly What to Do

Data breaches happen to companies like T-Mobile, AT&T, and Equifax all the time. If your information was exposed, here are the exact steps to protect yourself.

TF
TechFor60s Team
·11 min read·Takes about 9 minutes
Share:
Digital lock with data protection concept

You Open Your Mailbox and Find a Letter No One Wants

Imagine this. You walk to the mailbox on a quiet Tuesday afternoon. Between the electric bill and a grocery flyer, there is an official-looking envelope. You open it. The letter inside says something like: "We regret to inform you that your personal information may have been compromised in a recent security incident."

Your heart sinks. What does this mean? Is someone stealing your money right now? Should you cancel your credit cards? Should you call the police?

Take a deep breath. You are not powerless here. Millions of people receive letters like this every year, and there are clear, simple steps you can take to protect yourself. This guide will walk you through every single one of them.

What Is a Data Breach, Exactly?

A data breach happens when hackers break into a company's computer systems and steal personal information. Think of it like a burglar breaking into a filing cabinet at your doctor's office or your bank — except the filing cabinet is digital, and the burglar can be anywhere in the world.

The stolen information might include your name, email address, phone number, Social Security number, credit card numbers, medical records, or passwords. Not every breach exposes all of this, but even a leaked email address can lead to problems down the road.

If you would like to understand the broader world of online crime, our guide on what cyber crime is and how it works explains the basics in plain language.

Major Data Breaches That Affected Millions of People

You are not alone if your data has been exposed. Some of the biggest companies in the world have suffered massive security breaches in recent years:

  • T-Mobile (2021-2023): Over 76 million customers had their names, dates of birth, Social Security numbers, and driver's license information stolen across multiple breaches.
  • AT&T (2024): Call and text records for nearly all AT&T cellular customers — roughly 110 million people — were exposed in a major data leak.
  • Equifax (2017): One of the three major credit bureaus was hacked, exposing the personal data of 147 million Americans, including Social Security numbers and birth dates.
  • TransUnion (2022): Another credit bureau breach affected millions of consumers, with sensitive financial data stolen by a hacking group.
  • Change Healthcare (2024): A massive healthcare data breach exposed medical records, insurance information, and Social Security numbers for over 100 million Americans — one of the largest health data leaks in history.

The important thing to understand is this: breaches are not your fault. These companies were responsible for protecting your data, and they failed. Your job now is to protect yourself going forward.

How to Check If Your Information Was Exposed

Before you take action, it helps to know exactly what happened. Here is how to find out.

Step 1: Read the Notification Carefully

Whether you received a letter in the mail, an email, or saw a news story, read the details carefully. The notification should tell you:

  • Which company was breached
  • What type of information was exposed (email, password, Social Security number, etc.)
  • What the company is offering to help (usually free credit monitoring)

Step 2: Use Have I Been Pwned

One of the best free tools on the internet for checking data breaches is a website called Have I Been Pwned (haveibeenpwned.com). Here is how to use it:

  1. Open your web browser and go to haveibeenpwned.com
  2. You will see a search box in the middle of the page
  3. Type in your email address and click the search button
  4. The website will show you a list of every known data breach that included your email address

Do not worry — this website is safe and trusted. It was created by a well-known security expert and does not store or share your information. It simply checks your email against a database of known breaches.

If your email appears in multiple breaches, that is unfortunately very common. The average person's email has been exposed in 5 to 10 breaches. The key is knowing about it so you can take action.

Step 3: Check Your Passwords Too

On the same website, there is a section called "Passwords" where you can check if any of your passwords have appeared in known data leaks. If a password you use shows up there, change it immediately — on every account where you used it.

You can also use our password strength checker tool to make sure your new passwords are strong enough to resist hacking attempts.

Your Step-by-Step Action Plan After a Data Breach

Now that you know what was exposed, here is your complete action plan. You do not need to do everything at once. Work through these steps one at a time, and check each one off as you go.

Step 1: Change Your Passwords Immediately

If the breach involved login credentials (your username and password), change your password for that account right away. Then change it on any other account where you used the same password.

Important rules for new passwords:

  • Make each password at least 12 characters long
  • Use a mix of uppercase letters, lowercase letters, numbers, and symbols
  • Never reuse the same password across multiple accounts
  • Consider using a password manager to keep track of everything

Step 2: Turn On Two-Factor Authentication

Two-factor authentication (also called 2FA) adds a second layer of security to your accounts. Even if a hacker has your password, they cannot get in without the second factor — usually a code sent to your phone.

Turn on 2FA for your most important accounts first:

  • Email accounts (Gmail, Yahoo, Outlook)
  • Bank and financial accounts
  • Social media accounts
  • Shopping accounts (Amazon, etc.)

Step 3: Freeze Your Credit at All Three Bureaus

If your Social Security number was exposed in the breach, freezing your credit is the single most important step you can take. A credit freeze prevents anyone from opening new credit cards, loans, or accounts in your name.

Here is how to freeze your credit — it is free and takes about 10 minutes per bureau:

  • Equifax: Call 1-800-349-9960 or visit equifax.com/personal/credit-report-services
  • Experian: Call 1-888-397-3742 or visit experian.com/freeze
  • TransUnion: Call 1-888-909-8872 or visit transunion.com/credit-freeze

You must freeze your credit at all three bureaus for full protection. A freeze at just one still leaves you vulnerable through the other two.

When you need to apply for a new credit card or loan in the future, you can temporarily "thaw" the freeze — it only takes a few minutes.

Step 4: Set Up Fraud Alerts

In addition to a credit freeze, you can place a fraud alert on your credit file. This tells lenders to take extra steps to verify your identity before approving new credit. You only need to contact one of the three credit bureaus — they are required by law to notify the other two.

Step 5: Monitor Your Bank and Credit Card Statements

For the next 6 to 12 months after a security breach, check your bank and credit card statements carefully every week. Look for:

  • Charges you do not recognize, even small ones (thieves often test with small amounts first)
  • New accounts you did not open
  • Changes to your address or contact information

Our guide on preventing credit card and bank fraud goes into much more detail on what to watch for and how to report suspicious activity.

Step 6: Sign Up for the Free Credit Monitoring

Most companies that suffer a data breach are required to offer free credit monitoring to affected customers, usually for one or two years. Always sign up for this. It is free, and it will alert you if someone tries to use your information to open new accounts.

Step 7: Consider Identity Theft Protection Services

If you want ongoing peace of mind beyond the free monitoring period, an identity theft protection service can watch over your personal information around the clock. These services monitor the dark web, credit bureaus, and public records for signs that someone is using your identity.

We have reviewed the best options in our guide to the best identity theft protection services for seniors in 2026.

Where Does Your Stolen Data End Up?

When hackers steal personal information in a data breach, they often sell it on hidden parts of the internet known as the dark web. Your Social Security number, for example, might sell for as little as a few dollars. A complete set of identity documents — name, address, Social Security number, and date of birth — can sell for $20 to $50.

This is why acting quickly matters. The sooner you freeze your credit and change your passwords, the less useful your stolen data becomes to criminals.

If you are curious about how this underground marketplace works, our guide on what the dark web is explains it in simple, clear terms without any of the technical jargon.

What If Someone Already Used Your Stolen Information?

If you discover that someone has already used your information — for example, you find unfamiliar accounts on your credit report or charges on your bank statement — here is what to do:

  1. Contact your bank or credit card company immediately. Tell them about the unauthorized activity. They will freeze the affected accounts and begin an investigation.
  1. File a report with the FTC. Go to IdentityTheft.gov and follow the steps. This creates an official record and gives you a personalized recovery plan.
  1. File a police report. While local police may not investigate the crime directly, having an official report on file can help you dispute fraudulent accounts and charges.
  1. Place an extended fraud alert. If you are a confirmed identity theft victim, you can place an extended fraud alert that lasts seven years instead of one.
  1. Dispute fraudulent accounts. Contact each company where a fraudulent account was opened. Send them a copy of your FTC Identity Theft Report and request that the account be closed.

How to Protect Yourself Before the Next Breach

Since data breaches are unfortunately a regular part of modern life, here are habits that will keep you safer going forward:

  • Use a different password for every account. This way, if one account is breached, your other accounts remain safe.
  • Keep your software updated. Updates often include security fixes that protect you from known vulnerabilities.
  • Be cautious with your personal information. Only share your Social Security number, date of birth, and financial details when absolutely necessary.
  • Review your credit reports regularly. You can get free credit reports at AnnualCreditReport.com — check all three bureaus at least once a year.
  • Watch for phishing emails that pretend to be breach notifications. Scammers sometimes send fake breach alerts to trick you into clicking dangerous links. Always go directly to the company's website instead of clicking links in emails.

Common Questions About Data Breaches

Can I sue the company that was breached?

In many cases, class-action lawsuits are filed after major breaches. You may receive a notice about joining one. The settlements are usually small per person, but it is worth participating. The Equifax settlement, for example, offered affected consumers free credit monitoring and cash payments.

Should I close accounts at companies that were breached?

Not necessarily. Closing the account does not undo the breach, since your data was already exposed. Focus instead on changing passwords and monitoring your accounts.

How long should I worry about a breach?

Stolen data can be used months or even years after a breach. This is why credit freezes are so valuable — they provide permanent protection until you choose to lift them.

Is the free credit monitoring companies offer actually useful?

Yes. While it will not prevent fraud, it will alert you quickly so you can respond. Pair it with a credit freeze for the strongest protection.

You Have the Power to Protect Yourself

Receiving a data breach notification can feel scary and overwhelming. But here is the truth: you have more control than you think. By following the steps in this guide — checking if you are affected, changing your passwords, freezing your credit, and monitoring your accounts — you are taking the same actions that security experts recommend.

You do not need to be a technology expert. You do not need to understand how hackers work. You just need to follow the steps, one at a time. And if you ever feel stuck, come back to this guide. It will be here whenever you need it.

Your personal information is worth protecting, and so are you.

#data breach#identity protection#cyber security#data leak#senior safety

Was this guide helpful?

Know someone who would find this useful?

Share:

You Might Also Like

Senior person using a laptop for research
Safety & Security
beginner5 minutes

AARP Fraud Watch Network — Free Scam Protection Resources for Seniors

AARP's Fraud Watch Network offers free tools, a scam helpline, and a tracking map to help seniors fight back against fraud. Here is how to use everything they offer.

·9 min read
Package deliveries at a front door
Safety & Security
beginner8 minutes

Amazon Scams — Fake Orders, Phishing Emails, and Gift Card Fraud

Amazon is the most impersonated company in the world. Here is how scammers use fake order confirmations, phishing emails, and gift card tricks to steal from seniors.

·9 min read
Person making a mobile payment on their phone
Safety & Security
beginner7 minutes

Cash App, Zelle and PayPal Scams — How to Stay Safe

Payment apps make sending money easy, but scammers know that too. Learn the most common Cash App, Zelle, and PayPal scams and how to protect yourself.

·11 min read