Proton

The impact a data breach can have on your life depends greatly on the type of information that was exposed and to whom.

A quick reaction to a data breach can often protect your digital identity and prevent any losses.

In response to the growing number of data breaches, Proton Mail and Proton Pass offer Dark Web Monitoring to paid subscribers. You’ll automatically be alerted if any of your credentials or other data have appeared on the dark web. Our system also provides account protection with the Proton Sentinel program, which monitors all login attempts for suspicious behavior and uses both artificial and human intelligence to respond to any suspected threats.

This article includes general recommendations to mitigate the damage if your data leaks in a variety of scenarios. If you use Proton’s Dark Web Monitoring service, we will give you actionable advice along with any breach notification you receive.

What is a data breach?

A data breach is when confidential, sensitive, or protected information is accessed or disclosed without authorization. This can involve the unintended release of personal data, such as social security numbers, credit card details, personal health information, or other personally identifiable information (PII). Data breaches can result from cybersecurity attacks, such as hacking or phishing, as well as from internal leaks or failures to secure data adequately.

There are two general classes of data breaches: those involving known sources (high-profile examples include LinkedIn, Facebook, and X) and those involving lists of email and password combinations (combo lists) shared on the dark web. Understanding the source of a breach helps determine the best response.

Your data breach response plan

If the source of a data breach is known, you should immediately go to that service and check for any signs of unauthorized activity on your accounts, such as:

  • Difficulty logging in
  • Unexpected changes to security settings
  • Receiving unfamiliar messages or notifications from your account
  • Logins from unusual locations or at odd times
  • Unauthorized money transfers or purchases from your online accounts

Some general steps to follow to secure a breached service include:

  1. If locked out, contact customer support to regain access.
  2. Review and update your security settings, such as your recovery email and phone numbers.
  3. Change your password — use a strong, unique password generated by a password manager such as Proton Pass.
  4. Log out of all devices and apps connected to the compromised account.
  5. Set up two-factor authentication (2FA). If your email account was breached, review your email filtering and forwarding rules. Criminals often establish forwarding rules on compromised email accounts to receive copies of all incoming emails, enabling them to intercept 2FA codes or reset passwords, for instance.
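
One way to carry out the forwarding-rule review in step 5, as an added example that is not part of the original article. The rule format, field names, and addresses are hypothetical and constructed for illustration. The check for rules that hide security mail goes beyond the forwarding case the article describes.

```python
# Constructed sample: mail rules as they might look after being copied out of
# an account's settings page. The field names and action strings are hypothetical.
SAMPLE_RULES = [
    {"name": "Newsletters", "match": "from:news@shop.example",
     "actions": ["label:Promotions"]},
    {"name": "", "match": "*",
     "actions": ["forward:collector@mailbox.example"]},
    {"name": "tidy", "match": "subject:verification code",
     "actions": ["mark_read", "delete"]},
    {"name": "Work copy", "match": "from:boss@corp.example",
     "actions": ["forward:me@corp.example"]},
]

SECURITY_TERMS = ("password", "reset", "verification", "security", "2fa", "code", "login")
HIDING_ACTIONS = {"delete", "archive", "mark_read", "skip_inbox"}


def audit_rules(rules, trusted_addresses):
    """Return (rule name, reasons) for every rule the account owner should review."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    for rule in rules:
        reasons = []
        # 1. Forwarding to an address the owner does not recognise.
        for action in rule["actions"]:
            kind, _, target = action.partition(":")
            if kind == "forward" and target.lower() not in trusted:
                reasons.append(f"forwards to unrecognised address {target}")
        # 2. Rules that quietly remove password-reset or 2FA mail from the inbox.
        hides = HIDING_ACTIONS.intersection(rule["actions"])
        if hides and any(term in rule["match"].lower() for term in SECURITY_TERMS):
            reasons.append("hides security-related mail: " + ", ".join(sorted(hides)))
        if reasons:
            findings.append((rule["name"] or "<unnamed>", reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES, ["me@corp.example"]):
        print(f"REVIEW rule {name!r}: " + "; ".join(reasons))
```

Any rule flagged here that you did not create yourself should be deleted before you change the password and set up 2FA again.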

If a social media or communication platform is breached, notify contacts that your account was affected and tell them to watch out for suspicious messages and posts.

Determine which types of data have been exposed

Even if you manage to secure a breached account, your email address, password, credit card number, physical address, and other information could have been leaked at the same time. Let’s take a look at some of the most common types of information affected by data breaches.

If your email address has been leaked

All of your personal data is important, but your email address is one of the most important aspects of your online identity: it is the passport all your accounts ask for when you log in. However, if your email address is all that’s exposed, you should be safe (hackers will still need to try to brute force your password to access your account). If your email address has been exposed alongside your passwords, you may need to close this account and start a new one.

If your passwords have been compromised

Exposed passwords, login credentials, or encryption keys can enable unauthorized entry into your accounts, potentially resulting in additional security breaches and data theft. While the exposure of plaintext passwords is generally the more severe case, some websites store passwords using weak hashing methods like MD5, which can also leave your passwords vulnerable to attack.

Conversely, passwords leaked from websites where passwords were encrypted or hashed using stronger algorithms such as SHA256 or bcrypt will inherently offer greater resistance to attacks. Therefore, if plaintext or weakly hashed passwords have been exposed, you must change them immediately. We strongly recommend using a password manager, such as Proton Pass, and 2FA wherever possible.
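
Why a weakly hashed leak still calls for an immediate password change, as an added example that is not part of the original article. The account names, passwords, and word list are constructed, and scrypt from the Python standard library stands in for bcrypt, which the standard library does not include.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a common password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "t7#Lq9!vXw2e"}
COMMON_PASSWORDS = ["123456", "password", "sunshine1"]  # constructed short list


def md5_unsalted(password):
    """Weak storage: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_salted(password, salt=None):
    """Stronger storage: a random per-user salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify_scrypt(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_salted(password, salt)[1], expected)


def exposed_by_lookup(leaked_md5, wordlist):
    """Accounts whose unsalted MD5 equals the precomputed hash of a common password."""
    table = {md5_unsalted(p) for p in wordlist}
    return sorted(user for user, digest in leaked_md5.items() if digest in table)


def must_change_now():
    """Simulate a leak of unsalted MD5 hashes and list the accounts it exposes."""
    leaked = {user: md5_unsalted(pw) for user, pw in USERS.items()}
    return exposed_by_lookup(leaked, COMMON_PASSWORDS)


if __name__ == "__main__":
    print("exposed by simple lookup:", must_change_now())
    (_, first), (_, second) = scrypt_salted("sunshine1"), scrypt_salted("sunshine1")
    print("same password, same salted hash?", first == second)
```

With unsalted MD5, alice and bob are exposed by a single table lookup. With a salted, slow hash, the same password produces a different digest for each user, and every guess has to be recomputed per account.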

If your credit card numbers have been exposed

If your credit card number is leaked, you should:

  • Call the emergency number on the back of the card immediately to freeze or replace it.
  • Monitor your bank accounts and credit card statements and report any fraudulent transactions as soon as possible.
  • If the breached service offers free credit monitoring (for example, Experian), consider enrolling.

If your phone numbers have been compromised

A leaked phone number can lead hackers to target you with phishing text messages, trying to catch you when you’re tired or not paying attention. You can protect yourself from spam calls in the UK with the Telephone Preference Service or in the US with the National Do Not Call Registry. Other countries likely have similar services, which you can search for online. In addition, be wary of phishing attempts.

If your Social Security number (SSN) has been leaked

Social Security numbers are an important piece of information, particularly in the US, and can be used along with your name, address, and date of birth to set up credit cards or take out loans in your name.

If you find out your Social Security number has been stolen, you should:

  • Immediately report the theft to identitytheft.gov.
  • Place a credit freeze with credit bureaus to prevent fraudulent accounts.
  • Add a fraud alert to your credit file.

Though not exhaustive, this list covers the most commonly breached information. With almost 4,000 data breaches of 1.8 billion records happening in February 2024 alone, criminals are able to build up information about users across breaches to construct profiles containing not only your email addresses and passwords, but also your occupation, past employment, marital status, and more, making it easier to carry out more sophisticated phishing attacks. For example, this tool allows you to visualize your breach profile.

Implement ongoing data breach protection

You should:

  • Remain vigilant for phishing emails, especially those that may arrive sometime after the breach becomes public knowledge. Look out for senders impersonating services that write to you regarding “resetting passwords”, “claiming compensation”, or “missed deliveries”. These and urgent requests to act immediately or within a limited timeframe are red flags.
  • Enable 2FA wherever possible. It’s an excellent way to protect your account from attackers because even if they obtain your password, they will still be unable to enter your account without an additional piece of information on your device.
  • Use hide-my-email aliases when signing up to sites to protect your identity.

Use better encryption to prevent data leaks

Many data breaches could be prevented if more online services used end-to-end encryption. At Proton, this form of encryption is at the heart of our security architecture. Whether it’s protecting your emails and attachments in Proton Mail or protecting your passwords in Proton Pass, your data is encrypted on your device before uploading to our servers. That way, if hackers ever were to gain access to our systems, your information would remain encrypted because only you can unlock your data with your private key.

Learn more about Proton’s end-to-end encryption
