What to do immediately after a data breach
You have been told a service you use was breached. The next hour matters: work through these steps in order rather than panicking or ignoring it.
- Change your password on the breached account first, and make the new one unique.
- Change it everywhere you reused that same password — this is how one breach becomes many.
- Turn on two-factor authentication on that account and on your email if it is not already on.
- Watch for follow-up scams: breached details are used to make phishing emails look convincing, so be extra wary of messages referencing the breach.
- If banking or ID details were exposed, contact your bank and consider a credit ban through the credit bureaus.
- For exposed identity documents, ring IDCARE on 1800 595 160 (8am-5pm AEST, weekdays) for free guidance on what to replace.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.