Your personal data may already be on a hacker forum, sold to identity thieves, or circulating on the dark web. Data breaches exposed over 15 billion records in 2025 alone. Here's how to find out if you've been affected and what to do about it.
How to Check If Your Data Was Breached
Have I Been Pwned (haveibeenpwned.com)
This is the gold standard for breach checking. Created by security researcher Troy Hunt, it aggregates data from hundreds of breaches and lets you search by email address or phone number. When you search, it shows you exactly which breaches exposed your data and what information was included.
The service is free for individual lookups. For monitoring ongoing breaches, you can subscribe to notifications ($3.60/month) that alert you when your email appears in a new breach.
Firefox Monitor
Firefox Monitor uses Have I Been Pwned's data but integrates directly into the Firefox browser. It shows breach history and will alert you if your email appears in new breaches. Also free, and you don't need to use Firefox to access it at monitor.firefox.com.
Google One / Dark Web Report
If you have a Google One subscription, Google's Dark Web Report feature monitors the dark web for your personal information including:
- Name
- Address
- Phone number
- Social Security Number
- Bank account numbers
- Credit card numbers
- Passwords
This gives broader coverage than just email addresses. Even if you don't have Google One, visiting myaccount.google.com/security has basic dark web monitoring features in many regions.
What to Do If You're Caught in a Breach
Step 1: Change Compromised Passwords Immediately
If the breach exposed passwords โ even if they're hashed (encrypted) โ assume they could be cracked and changed. Use a password manager to generate a new, unique password for each account. Don't reuse passwords across accounts.
Step 2: Enable Two-Factor Authentication
On any account that supports 2FA and was involved in the breach, enable it immediately. This prevents attackers from accessing your account even if they have the password.
Step 3: Monitor Financial Accounts
If financial information was exposed (credit card numbers, bank accounts), notify your bank or card issuer immediately. They'll issue new cards and monitor for fraud. Consider placing a credit freeze with Equifax, Experian, and TransUnion to prevent identity thieves from opening accounts in your name.
Step 4: Watch for Phishing
After a breach, attackers know your email address and often other details. You'll likely see more phishing emails tailored to your interests or recent activities. Be extra vigilant about unexpected emails, even if they seem to come from services you use.
Step 5: Consider an Identity Theft Protection Service
Services like LifeLock, IdentityForce, or Aura monitor your credit reports, SSN usage, and dark web data. For high-risk individuals (executives, people with significant financial assets, those who work in industries targeted by hackers), this ongoing monitoring is worth the cost.
Understanding What Was Exposed
Different breaches carry different risks:
- Email + password โ High risk. Change password immediately. Risk: account takeover
- SSN + personal info โ Critical. Highest risk of identity theft. Freeze credit, file taxes early.
- Financial data โ Critical. Alert your bank immediately. Risk: fraudulent charges
- Medical records โ Serious. Medical identity theft is hard to detect. Monitor insurance statements.
- Phone number โ Moderate. Risk: SIM swapping attacks, increased spam/phishing
You can't undo a data breach, but you can contain the damage by acting quickly. The faster you change compromised credentials and enable additional security, the less opportunity attackers have to misuse your data.