Data breaches are now a near-certainty for American consumers. The Equifax breach alone exposed the Social Security numbers, birth dates, and credit history of 147 million people. When a company you do business with is breached, the stolen data ends up on dark web marketplaces — sometimes immediately, sometimes years later. The window between exposure and fraudulent use of your data is unpredictable, which is why your response matters.
First 48 Hours: Immediate Actions
- Confirm the breach — visit the company's breach notification page or use HaveIBeenPwned.com to verify your email was exposed
- Change your password for the breached service immediately, and any other account using the same password
- Enable two-factor authentication on the breached account and all financial accounts
- Place a fraud alert with one of the three credit bureaus — it automatically notifies the other two
- Review your credit card and bank statements from the past 30 days for unfamiliar transactions
- Accept any credit monitoring offered by the breached company — it's free and provides one more layer of alerts
Beware of phishing scams that follow breaches. Criminals send fake breach notification emails to trick you into clicking malicious links. Go directly to the company's official website — do not click links in emails claiming to be breach notifications.
If Your Social Security Number Was Exposed
An exposed SSN is the highest-risk breach because it enables new account fraud — someone opening credit cards, loans, or even filing tax returns in your name. The appropriate response to an SSN exposure is stronger than for email or password breaches:
- Place a credit freeze at all three major bureaus immediately (Equifax, Experian, TransUnion)
- Also freeze at ChexSystems and Innovis (used for bank account openings)
- File your taxes as early as possible in the following year — this reduces the window for tax return fraud
- Consider placing an IRS Identity Protection PIN (apply at IRS.gov) to prevent fraudulent returns
- Check your Social Security earnings record annually at ssa.gov to detect anyone working under your SSN
The Credit Freeze: Your Most Important Tool
A credit freeze prevents any lender from pulling your credit report to open a new account. Since 2018, freezes are free and can be placed and lifted entirely online in minutes. When you need to apply for credit legitimately, you temporarily lift the freeze for a specific bureau, then refreeze immediately after.
| Bureau | Freeze URL |
|---|---|
| Equifax | equifax.com/personal/credit-report-services/credit-freeze |
| Experian | experian.com/freeze |
| TransUnion | transunion.com/credit-freeze |
| ChexSystems | chexsystems.com/web/chexsystems/consumerdebit/page/securityfreeze |
| Innovis | innovis.com/personal/securityFreeze |
Ongoing Monitoring After a Breach
Dark web exposure doesn't always lead to immediate fraud. Stolen data can sit dormant for months or years before being used. Set up ongoing monitoring habits after any SSN-level breach:
- Check all three credit reports quarterly — not just annually
- Monitor bank and credit card transactions weekly
- Set up account alerts at every financial institution for any transaction over $1
- Review your Social Security statement annually for unknown earnings
- Check your health insurance explanation of benefits for claims you didn't make (medical identity theft)
Compensation: Can You Sue After a Breach?
If you suffered actual financial harm (fraudulent accounts, time spent recovering, out-of-pocket losses) from a data breach, you may have legal recourse. The Equifax breach settlement, for example, offered affected consumers up to $20,000 in documented losses. Major breaches often result in class-action settlements that provide compensation for affected consumers — watch for opt-in notices and respond to any settlement communications you receive.