What to do after a data breach or leak

If your sensitive information was exposed in a data breach or leak, your identity is at risk. Protect yourself by upgrading your account security and closely monitoring your accounts. Then, get a trusted identity monitoring solution that can help detect potential misuse of your personal information and alert you to suspicious activity.

If your personal information was exposed in a data breach or leaked, you’re at risk of targeted scams, identity theft, and other cyberthreats. Help protect your accounts and identity by confirming what data was compromised, then change your passwords, enable two-factor authentication, monitor your accounts for suspicious activity, and look out for phishing attacks.

Knowing what to do after a data breach is crucial, because even companies you entrust with highly sensitive data can make serious mistakes if they don’t have the right safeguards in place. 

In March 2026, the identity theft protection provider Aura suffered a data breach that exposed nearly 900,000 customer records. The company claims the incident resulted from an employee falling victim to a voice phishing attack and granting access to an unauthorised third party. This exposes customers to targeted attacks like phishing and social engineering.

If you think your data has been compromised, here are the steps you need to take.

1. Confirm if your data was compromised

When a company suffers a data breach, they must notify the Office of the Australian Information Commissioner (OAIC). If the breach is likely to put affected people at high risk, the organisation should also inform them directly.

But even without an official notice, unusual account activity may signal trouble. That’s why it’s important to check proactively for signs of a data breach instead of waiting for confirmation. If you suspect your data has been exposed, here’s how to confirm your suspicions:

  • Check your accounts: Look for weird transactions, password changes, altered settings, or new login alerts. These can all signal unauthorised access following a data breach.
  • Review your credit reports: Scan your credit reports for unfamiliar accounts or inquiries, which could mean someone is trying to open credit in your name.
  • Watch for suspicious login alerts: Sometimes companies will email you about suspicious account activity. Look into them, but watch out for phishing attempts. Attackers may create a phony login alert to trick you into revealing information that allows them to take over your account. 
  • Monitor your information: Use the Dark Web Monitoring feature included in Norton 360 Advanced to get automatic alerts if your data has surfaced on the dark web — the hidden part of the internet where leaked data is often posted or sold.

2. Determine what data was exposed

Once you’ve confirmed your information was involved in a data breach, the next step is figuring out what type of data was leaked. Different kinds of data exposure lead to different risks, so knowing what’s exposed helps you take the right precautions.

Let’s dive into some common types of leaked data and how their exposure puts you at risk:

  • Personally identifiable information (PII): Exposure of PII, like your full name, address, or date of birth, can make you a more vulnerable scam target. Scammers can use this information to make their social engineering and phishing attempts more convincing: a phishing email or vishing call that includes your real name and date of birth is much more likely to trick you, or a customer service agent, into believing it’s legitimate. Tools like Norton Genie, an AI-powered scam detector, can help alert you to clever scams.
  • Email address: If your email appears in a data breach, you’re likely to see an uptick in spam and phishing messages. Protect yourself by changing your passwords, enabling two-factor authentication (2FA) wherever possible, and watching out for phishing attempts. 
  • Phone number: Leaked phone numbers can lead to more spam calls or texts and account break-in attempts. They can also put you at risk of phone takeovers by hackers. Protect yourself by reporting spam numbers, securing online accounts linked to your number, and using AI scam protection features like those included in Norton 360 Advanced.
  • Passwords: If your password or account credentials are leaked, you are at heightened risk of account takeovers, especially if you reuse the same password on multiple sites. Once in your account, fraudsters could make purchases using stored payment details, steal gift cards linked to your account, change your login information to lock you out, or harvest additional personal data to target your other accounts.   
  • Biometric data: Since biometric info like fingerprints, face ID, or retinal scans is permanent and unique, leaks pose serious risks. Criminals may use it to bypass security or pair it with other stolen credentials. If affected, review which devices or accounts use biometrics and strengthen secondary protections like PINs or tokens.
  • Credit card details: If your credit card details are exposed in a data breach, you’re at risk of credit card fraud. Protect yourself by monitoring your bank and credit card statements for suspicious activity, freezing your cards, setting up transaction alerts, and reporting any unauthorised charges to your bank immediately.
  • Identity document details: This is among the most serious breaches, since ID documents can be used for identity theft and fraud. Contact the relevant issuing agency, like the Australian Passport Office, for more details on how to proceed. Then, you can apply for a ban from any of the three Credit Reporting Bodies (CRBs) and watch your credit reports for new accounts.

3. Secure vulnerable accounts

After a data breach, attackers may try to break into your accounts or lock you out of them. Securing your logins with stronger protections can help you stay in control and prevent further damage.

Here’s how: 

  • Change your passwords: Update passwords for any accounts tied to the exposed email address or login. If you reused that password elsewhere, update those accounts too. 
  • Use a password manager: Generate strong, unique passwords for every account and store them in an encrypted password manager so you don’t have to remember them all. This ensures one stolen password doesn’t compromise multiple accounts.
  • Set up multi-factor authentication (MFA): MFA requires you to provide two or more verification factors before you can access your accounts. This helps protect you from post-breach threats by adding an extra layer of security, making it significantly harder for unauthorised users to gain access even if they have your password.
  • Remove unfamiliar devices: After a data breach, check your accounts for suspicious logins. If you see unfamiliar devices, remove them. 
  • Protect your SIM card: Scammers can use your personal information to trick your mobile provider into swapping your phone number to their SIM card, a practice known as a SIM swap attack. This allows them to intercept your calls and texts, including two-factor authentication codes. 

Protect your SIM card by setting up a unique PIN with your mobile provider. Norton 360 Advanced adds security and identity protection features to help safeguard your personal data.

4. Protect your credit

If highly sensitive information like your Tax File Number, passport or driver licence is exposed in a data breach, criminals could try to open new lines of credit in your name. Placing a temporary ban on your credit report can help stop lenders from accessing it, which in turn blocks new credit applications from being processed.

A credit report ban usually isn’t necessary if only less sensitive data, like an email address, was leaked, since that information alone can’t be used to open new lines of credit.

But you don’t have to do it alone: subscribe to Norton 360 Advanced and get Equifax Credit Protect (12-month) to receive credit alerts, reports and help monitoring your credit profile.

5. Warn people you know

If your accounts or contact details were exposed in a data breach, attackers may try to use that information to scam your friends, family, or colleagues. They might send phishing emails, suspicious texts, or even impersonate you to trick others into sharing personal data.

To reduce the risk, give your contacts a heads-up so they know to be cautious with unusual messages. Remind them not to click suspicious links, download unexpected attachments, or share sensitive information without confirming it’s really from you. A quick warning can go a long way.

An image with steps to take to protect yourself if your information was exposed in a data breach vs. if an attacker is actively using your data.

How to protect yourself from future data breaches

No one can fully guarantee protection from a data breach, but good security habits can reduce your risk and limit the damage if one occurs. The key is to protect your accounts, share less information, and stay alert for scams: 

  • Use multiple email accounts: Use separate email addresses for banking, shopping, social media, and personal use. That way, if one account is breached, the damage is contained.
  • Strengthen your passwords: Create unique, complex passwords for every account. A password manager can help you keep track without reusing them. Unique passwords offer real protection against hacking techniques like brute force attacks and credential stuffing. 
  • Look out for signs of scams: Watch for common phishing red flags like suspicious links, grammar mistakes, or urgent requests for personal info. If you clicked on a malicious link, perform a quick malware scan. Tools like Norton Genie can help you determine if a message or link is legitimate using the power of AI.
  • Verify before you click: If something feels off, confirm directly with the company or person using a trusted contact method. This can help you avoid downloading malware or directly sharing sensitive information with an unsafe person. 
  • Limit information sharing: Only share the minimum personal details necessary, even with legitimate organisations. The less data you share, the less there is to steal. 
  • Sign up for identity theft protection: Identity theft and data breach protection services help you monitor the dark web for your personal data. Norton 360 Advanced also provides access to Identity Restoration Support, helping you take action if your identity is compromised, so you can respond more quickly and confidently.

What should the affected company do after a data breach?

A data breach doesn’t just impact you. The company involved also has a responsibility to act quickly and responsibly. Here are the key steps they should take:

  • Contain the breach: Isolate compromised systems or networks to stop the attack from spreading. 
  • Assess the damage: Investigate what data was accessed, when it happened, and who was responsible. 
  • Notify anyone affected: Be transparent by informing customers and employees whose data was exposed. Companies should also provide resources and guidance to help people protect themselves. 
  • Restore their systems: Patch vulnerabilities and repair compromised systems to get operations back on track. 
  • Enhance security: Ideally, companies should strengthen software defences, train employees, and implement tighter security protocols to prevent future breaches.

Recent data breach news

Data breaches regularly make headlines, and they impact even the biggest organisations. Here’s what’s been making waves lately.

Google, Apple, and Facebook

In what’s being called the largest data breach in history, an infostealer attack targeted Google, Apple, and Facebook. According to Cybernews, the breach exposed 16 billion login credentials across 30 datasets. While some records may be outdated, experts warn that much of the stolen information is fresh and poses a serious threat to users. 

Qantas

In June 2025, Australian airline Qantas reported suspicious activity in a third-party customer service platform containing data from about 6 million people. Exposed information included names, email addresses, phone numbers, birth dates, and frequent flyer numbers. The investigation is ongoing.

Sydney University

In December 2025, The University of Sydney disclosed that hackers had gained unauthorised access to an internal library. This led to the personal data of 13,000 individuals, including students, staff and donors, being exposed. The personal information included names, birth dates, addresses, job titles and employment dates of around 8,000 members of staff, 6 donors, and 5,000 former alumni.

Guard your identity after a breach

Once your personal information has been exposed after a data breach or leak, your identity is in danger.

With Norton 360 Advanced, you get layered protection against the fallout of data breaches and leaks. Help spot bespoke scams using the power of AI, receive alerts if your sensitive data shows up on the dark web and access support designed to help you respond to identity-related incidents.

FAQs

Can I get compensation in response to a data breach? 

You may be entitled to compensation for a data breach if you can prove that loss and damage was suffered. If you seek compensation, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

What was the biggest data breach in history?

The largest data breach to date targeted tech companies like Apple, Facebook, and Google, exposing 16 billion login credentials.

How do you know if you have been pwned? 

If you’ve been “pwned,” it means your personal information was exposed or stolen in a data breach. You can find out when a company notifies you of the breach, or through warning signs like notifications of password reset attempts, unfamiliar logins or suspicious activity on your accounts.

Jeremy Coppock
Jeremy Coppock is a staff editor for Norton with an interest in anti-scam education. He has experience working as a fraud investigator for a major online retailer.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

