Data leak: What to do if your data has been breached

If your personal information was exposed in a data breach or leaked, you’re at risk of targeted scams, identity theft, and other cyberthreats. Help protect your accounts and identity by confirming what data was compromised, then change your passwords, enable two-factor authentication, monitor your accounts for suspicious activity, and look out for phishing attacks.

Knowing what to do after a data breach is crucial, because even companies you entrust with highly sensitive data can make serious mistakes if they don’t have the right safeguards in place.

In March 2026, the identity theft protection provider Aura suffered a data breach that exposed nearly 900,000 customer records. The company claims the incident resulted from an employee falling victim to a voice phishing attack and granting access to an unauthorised third party. This exposes customers to targeted attacks like phishing and social engineering.

If you think your data has been breached, here are the steps you need to take.

1. Confirm if your data was compromised

When a company suffers a data breach, it’s required under the UK GDPR to notify the supervisory authority within 72 hours. If it poses a high risk to those affected, they should also be informed. If the breach is likely to put affected people at high risj, the organisation should also inform them directly.

But even without an official notice, unusual account activity may signal trouble. That’s why it’s important to check proactively for signs of a data breach instead of waiting for confirmation. If you suspect your data has been exposed, here’s how to confirm your suspicions:

• Check your accounts: Look for weird transactions, password changes, altered settings, or new login alerts. These can all signal unauthorised access following a data breach.
• Review your credit reports: Scan your credit reports for unfamiliar accounts or enquiries, which could mean someone is trying to open credit in your name.
• Watch for suspicious login alerts: Sometimes companies will email you about suspicious account activity. Look into them, but watch out for phishing attempts. Attackers may create a phoney login alert to trick you into revealing information that allows them to take over your account.
• Monitor your information: Use the Dark Web Monitoring feature included in Norton 360 Advanced to get automatic alerts if your data has surfaced on the dark web — the hidden part of the internet where leaked data is often posted or sold.

2. Determine what data was exposed

Once you’ve confirmed your information was involved in a data breach, the next step is figuring out what type of data was leaked. Different kinds of data exposure lead to different risks, so knowing what’s exposed helps you take the right precautions.

Let’s dive into some common types of leaked data and how their exposure puts you at risk:

• Personally identifiable information (PII): Exposure of PII, like your full name, address, or birth date can make you a more vulnerable scam target. Scammers can use this information to make their social engineering and phishing attempts more convincing: a phishing email or vishing call that includes your real name and date of birth is much more likely to trick you — or a customer service representative — into believing it’s legitimate. Tools like Norton Genie, an AI-powered scam detector, can help alert you to clever scams.
• Email address: If your email appears in a data breach, you’re likely to see an uptick in spam and phishing messages. Protect yourself by changing your passwords, enabling two-factor authentication (2FA) wherever possible, and watching out for phishing attempts. 
• Phone number: Leaked phone numbers can lead to more spam calls or texts and account break-in attempts. They can also put you at risk of phone takeovers by hackers. Protect yourself by reporting spam numbers, securing online accounts linked to your number, and using AI scam protection features like those included in Norton 360 Advanced. 
• Passwords: If your password or account credentials are leaked, you are at heightened risk of account takeovers, especially if you reuse the same password on multiple sites. Once in your account, fraudsters could make purchases using stored payment details, steal gift cards linked to your account, change your login information to lock you out, or harvest additional personal data to target your other accounts.
• Biometric data: Since biometric info like fingerprints, face ID, or retinal scans is permanent and unique, leaks pose serious risks. Criminals may use it to bypass security or pair it with other stolen credentials. If affected, review which devices or accounts use biometrics and strengthen secondary protections like PINs or tokens.
• Credit card details: If your credit card details are exposed in a data breach, you’re at risk of credit card fraud. Protect yourself by monitoring your bank and credit card statements for suspicious activity, freezing your cards, setting up transaction alerts, and reporting any unauthorised charges to your bank immediately.
• Passport details: This is among the most serious breaches, since it can be used for identity theft and fraud. If your passport was stolen, report it immediately to HM Passport Officeto help protect your identity. Then, monitor Credit Reference Agencies (CRAs) and watch your credit reports for new accounts.

3. Secure vulnerable accounts

After a data breach, attackers may try to break into your accounts or lock you out of them. Securing your logins with stronger protections can help you stay in control and prevent further damage.

Here’s how:

• Change your passwords: Update passwords for any accounts tied to the exposed email address or login. If you reused that password elsewhere, update those accounts too. 
• Use a password manager: Generate strong, unique passwords for every account and store them in an encrypted password manager so you don’t have to remember them all. This ensures one stolen password doesn’t compromise multiple accounts.
• Set up multi-factor authentication (MFA): MFA requires you to provide two or more verification factors before you can access your accounts. This helps protect you from post-breach threats by adding an extra layer of security, making it significantly harder for unauthorised users to gain access even if they have your password.
• Remove unfamiliar devices: After a data breach, check your accounts for suspicious logins. If you see unfamiliar devices, remove them. 
• Protect your SIM card: Scammers can use your personal information to trick your mobile carrier into swapping your phone number to their SIM card, a practice known as a SIM swap attack. This allows them to intercept your calls and texts, including two-factor authentication codes.

Protect your SIM card by setting up a unique PIN with your mobile carrier and getting Norton 360 Advanced to get security and identity protection features to help safekeep your personal data.

4. Protect your credit file

If highly sensitive information like your National Insurance number, address or banking details are exposed in a data breach, criminals could try to use it to apply for credit, loans or other contracts in your name.

If you believe you’re at risk of identity theft, you can apply for Cifas Protective Registration. This places a warning on your name and other details in Cifas’ National Fraud Database, which allows them to monitor your information and inform you in case of identity fraud.

You can also monitor your credit report with the UK’s main CRAs and check for suspicious activity such as accounts or applications you don’t recognise and request a credit freeze if needed. If you find anything malicious, report it to the CRA and to ReportFraud.

But you don’t have to do it alone, subscribe to Norton 360 Advanced to get alerts of any major changes to your credit report such as missed payments or a closed account.

5. Warn people you know

If your accounts or contact details were exposed in a data breach, attackers may try to use that information to scam your friends, family, or colleagues. They might send phishing emails, suspicious texts, or even impersonate you to trick others into sharing personal data.

To reduce the risk, give your contacts a heads-up so they know to be cautious with unusual messages. Remind them not to click suspicious links, download unexpected attachments, or share sensitive information without confirming it’s really from you. A quick warning can go a long way.

How to protect yourself from future data breaches

No one can fully guarantee protection from a data breach, but good security habits can reduce your risk and limit the damage if one occurs. The key is to protect your accounts, share less information, and stay alert for scams:

• Use multiple email accounts: Use separate email addresses for banking, shopping, social media, and personal use. That way, if one account is breached, the damage is contained.
• Strengthen your passwords: Create unique, complex passwords for every account. A password manager can help you keep track without reusing them. Unique passwords offer real protection against hacking techniques like brute force attacks and credential stuffing. 
• Look out for signs of scams: Watch for common phishing red flags like suspicious links, grammar mistakes, or urgent requests for personal info. If you clicked on a malicious link, perform a quick malware scan. Tools like Norton Genie can help you determine if a message or link is legitimate using the power of AI.
• Verify before you click: If something feels off, confirm directly with the company or person using a trusted contact method. This can help you avoid downloading malware or directly sharing sensitive information with an unsafe person. 
• Limit information sharing: Only share the minimum personal details necessary, even with legitimate organisations. The less data you share, the less there is to steal.
• Sign up for identity theft protection: Identity theft and data breach protection services help you monitor the dark web for your personal data. Norton 360 Advanced also provides access to Identity Restoration Support, helping you take action if your identity is compromised, so you can respond more quickly and confidently.

What should the affected company do after a data breach?

A data breach doesn’t just impact you. The company involved also has a responsibility to act quickly and responsibly. Here are the key steps they should take:

• Contain the breach: Isolate compromised systems or networks to stop the attack from spreading.
• Assess the damage: Investigate what data was accessed, when it happened, and who was responsible.
• Notify anyone affected: Be transparent by informing customers and employees whose data was exposed. Companies should also provide resources and guidance to help people protect themselves.
• Restore their systems: Patch vulnerabilities and repair compromised systems to get operations back on track.
• Enhance security: Ideally, companies should strengthen software defences, train employees, and implement tighter security protocols to prevent future breaches.

Recent data breach news

Data breaches regularly make headlines, and they impact even the biggest organisations. Here’s what’s been making waves lately.

Google, Apple, and Facebook

In what’s being called the largest data breach in history, an infostealer attack targeted Google, Apple, and Facebook. According to Cybernews, the breach exposed 16 billion login credentials across 30 datasets. While some records may be outdated, experts warn that much of the stolen information is fresh and poses a serious threat to users.

Qantas

In June 2025, Australian airline Qantas reported suspicious activity in a third-party customer service platform containing data from about 6 million people. Exposed information included names, email addresses, phone numbers, birth dates, and frequent flyer numbers. The investigation is ongoing.

Co-op

In April 2025, Co-op suffered a cyberattack that exposed the personal data of all 6.5 million members. According to reports, the information included names, addresses and contact details, although no financial information had been accessed.

Transport for London

In September 2024, TfL reported a cyberattack that led to the personal data of around 10 million people being accessed. The compromised information included names, contact details, and home addresses. For around 5,000 people, it also included their bank account details. On top of that, the cyberattack caused TfL £39m in damages due to its breach of the internal computer systems.

Guard your identity after a breach

Once your personal information has been exposed after a data breach or leak, your identity is in danger.

With Norton 360 Advanced, you get layered protection against the fallout of data breaches and leaks. Help spot bespoke scams using the power of AI, receive alerts if your sensitive data shows up on the dark web and access support designed to help you respond to identity-related incidents.

FAQs

Can I get compensation for a data breach?

According to UK GDPR, you may be able to claim compensation due to a data protection violation. However, this depends on the case, so it’s better to get consultation from a legal professional.

What was the biggest data breach in history?

The largest data breach to date targeted tech companies like Apple, Facebook, and Google, exposing 16 billion login credentials.