What to Do If Your Data Has Been Breached
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
Step 1: Do Not Panic — But Do Act Now
A breach notification does not mean your accounts are already compromised. It means your data was exposed and may be in the hands of people who want to use it. The window between exposure and exploitation varies from hours to months.
Here is what to do, in order of urgency.
In the Next Hour
Change the password for the breached account. Use a randomly generated password from a password manager. Do not reuse it anywhere.
Change the same password everywhere else you used it. This is the painful part. If you reused that password on your email, bank, or other important accounts, change those immediately. This is why password managers exist — to make sure this never happens again.
Enable two-factor authentication on the breached account if you have not already. Even if someone has your password, they cannot log in without your second factor.
In the Next 24 Hours
Check what data was exposed. Breach notifications usually specify what was included — email, password, phone number, address, payment card data. The type of data determines what else you need to do.
If payment card data was exposed: contact your bank and request a new card immediately. Most banks will do this without question.
If your Social Security Number or Norwegian national ID was exposed: place a credit freeze with all three credit bureaus (Equifax, Experian, TransUnion in the US — or Bisnode/Experian in Norway). A credit freeze prevents new credit being opened in your name.
If your address and phone number were exposed: be alert for targeted phishing — attackers may use real personal details to make scam calls or emails more convincing.
Run your email addresses through haveibeenpwned.com to see if you appear in other breaches you have not been notified about. Sign up for future breach notifications.
In the Next Week
Consider identity theft protection. Services like Aura monitor your credit, dark web, and public records for ongoing misuse of your exposed data. If your SSN or financial data was in the breach, this is a good time to start.
Review your credit report. In Norway, you can request a free credit report from Experian Norge. In the US, annualcreditreport.com gives you free reports from all three bureaus. Look for accounts you did not open.
Set up account alerts. Most banks and credit card companies will text or email you for every transaction. Enable these. They catch fraudulent use within minutes.
If You Are Already a Victim
If you discover fraudulent accounts or transactions: file a police report (you will need this for insurance and dispute resolution), contact each institution where fraud occurred, file a report with your country's fraud authority (Finanstilsynet in Norway, FTC in the US), and contact your identity protection service if you have one.
This process is slow and frustrating. The earlier you catch it, the faster it resolves.
Written by Øyvind — NorwegianSpark SA.
Reviewed by Øyvind — NorwegianSpark · Last updated: 28 March 2026