Data Breach and Your Credit — Step-by-Step Response Guide for 2026

When a major data breach happens, the stolen records — Social Security numbers, financial account data, addresses, passwords — move quickly. Security researchers have documented stolen records appearing for sale on dark web marketplaces within 24 hours of a breach. If your information was in the Change Healthcare breach (100 million records), the AT&T breach (73 million), or any of the dozens of significant exposures in recent years, your financial identity may already be in circulation. Here is exactly what to do — in order — starting now.

The First 72 Hours — Act Fast

The first action is not monitoring — it is prevention. A credit freeze is the most powerful tool available to breach victims, and it is free under FCRA Section 605A. A credit freeze prevents anyone from opening new credit accounts in your name because lenders cannot access your credit report to evaluate an application. Even if someone has your SSN and all your personal information, they cannot open a new credit card, loan, or account with most lenders while your credit is frozen.

You must freeze at all three major bureaus separately — one freeze does not cover the others:

• Equifax: equifax.com/personal/credit-report-services or 1-800-349-9960
• Experian: experian.com/freeze/center or 1-888-397-3742
• TransUnion: transunion.com/credit-freeze or 1-888-909-8872

Also freeze at ChexSystems (chexsystems.com) — this protects against fraudulent checking and savings account openings. And freeze at NCTUE (the National Consumer Telecom and Utilities Exchange) to prevent fraudulent utility and wireless account openings.

Freezing takes effect almost immediately through the online portals. Keep the PINs or passwords each bureau provides — you will need them to temporarily unfreeze when you legitimately apply for credit. Freezes are free to place and free to lift.

Place a Fraud Alert

In addition to a freeze, place an initial fraud alert with one bureau — by law, that bureau must notify the other two. A fraud alert instructs lenders to take extra steps to verify your identity before opening credit in your name. An initial fraud alert lasts one year. An extended fraud alert (for confirmed identity theft victims) lasts seven years and requires an FTC identity theft report.

A fraud alert is less powerful than a freeze — it asks lenders to be cautious rather than preventing access entirely. Use both. The freeze is your primary defense; the alert is a backup that helps with situations where a freeze might not apply (utilities, telecommunications, medical providers who do not use the standard bureau pull).

File an FTC Identity Theft Report

If you have confirmed that your information has been used fraudulently — new accounts opened, fraudulent charges, tax return filed in your name — file an identity theft report at identitytheft.gov. This creates an official FTC report that gives you legal standing under the FCRA.

With an FTC identity theft report, you can:

• Request a seven-year extended fraud alert (instead of just one year)
• Block fraudulent accounts from your credit report under FCRA Section 605B — this is a block, not a dispute, and works even if the information is technically accurate (it was just fraudulently obtained)
• Exercise your right to free copies of your credit report from any business that furnished fraudulent information to the bureaus
• Stop debt collectors from collecting on fraudulent debts you are disputing

The FCRA Section 605B block is particularly powerful. While a standard dispute requires the bureau to "investigate" (which often means just asking the furnisher to verify), a 605B block requires the bureau to block the fraudulent account entirely based on your identity theft report — no waiting for the furnisher to respond.

Review All Three Credit Reports Immediately

After securing your freeze and fraud alert, pull full reports from all three bureaus at annualcreditreport.com. Under the current rules, you can pull free reports weekly. Look specifically for:

• New accounts you did not open — particularly credit cards, personal loans, and utility accounts
• Hard inquiries from lenders you did not apply to
• Address changes or employment history you do not recognize
• Changes to account statuses on existing legitimate accounts

Document everything you find with screenshots and printed copies. If you find fraudulent accounts, note the creditor name, account number (last four digits typically shown), the date opened, and the current balance. You will need this information for the dispute and block process.

Protect Your Tax Filing

One form of identity theft that credit freezes do not prevent: fraudulent tax returns. If someone has your SSN, they can file a tax return before you and claim your refund. The IRS's Identity Protection PIN (IP PIN) program prevents this.

Enroll in the IRS IP PIN program at irs.gov/ippin. Once enrolled, you receive a six-digit PIN each January that must be included on your tax return. Without the current PIN, a return filed with your SSN will be rejected. The program is free and available to all taxpayers, not just breach victims.

Also check for state income tax fraud in states where you have filed. Some states have their own identity protection programs.

The 12-Month Monitoring Protocol After a Breach

Fraud from data breaches does not always materialize immediately. Stolen data is often held, sold, and re-sold before being used. Criminals sometimes wait months or years before exploiting stolen credentials. A 12-month monitoring protocol is appropriate:

• Monthly: Pull one free credit report (rotating through the three bureaus monthly gives you roughly quarterly coverage of each) and review for new activity
• Quarterly: Check all financial accounts for unusual transactions — not just credit, but bank accounts, investment accounts, retirement accounts
• Annually: Renew the fraud alert if you did not place a seven-year extended alert; review whether to keep the credit freeze in place or lift it
• Immediately: Act on any new unauthorized accounts found — file a 605B block with supporting documentation, dispute the account with the bureaus, and contact the creditor directly to report the fraud

Class action settlements from breach notifications often include free credit monitoring for 1–3 years. Accept these offers — they are free and provide an additional layer of surveillance beyond your own manual reviews. However, do not confuse monitoring with protection: monitoring tells you after something has happened; the credit freeze prevents it from happening in the first place.

If you find fraudulent accounts that you cannot get removed through bureau disputes and 605B blocks, consult with a consumer protection attorney. The FCRA provides for statutory damages ($100–$1,000 per violation), actual damages, and attorney fees when creditors or bureaus fail to comply with removal requirements for documented identity theft accounts. Results vary for all consumers; this article is educational information, not legal advice. Restore Credit is software, not a credit repair organization or law firm.