Data Breach Response: Your Step-by-Step Action Plan
Have you ever received a notification saying "Your information may have been compromised" from a service you use? Data breach incidents are increasing every year, and even major corporations are not immune. According to IBM's 2024 Cost of a Data Breach Report, the average cost of a data breach reached $4.88 million, a record high, and the average time to identify and contain a breach was 258 days, a window in which attackers can make full use of the stolen data. What matters most is how quickly and appropriately you respond once a breach is discovered. This article explains the specific steps to take when you receive a data breach notification and how to efficiently update your passwords using Passtsuku.com.
What to Do First When You Receive a Breach Notification
When you receive a data breach notification, first calmly verify its authenticity. There have been cases where attackers send fake breach notification emails for phishing purposes. Instead of clicking links in the email, go directly to the service's official website through your browser to check for official announcements about the breach.
Note that even legitimate breach notification emails may come from a different domain than usual, because external security or notification firms often handle mailings during large-scale breaches. If in doubt, do not click any links in the email; instead open the service's website from a bookmark or by typing the address you already know, and look for an official announcement there. A search engine is a fallback, but be aware that sponsored results and SEO-poisoned pages can impersonate the service.
Once you have confirmed the notification is legitimate, gather the following information.
- Types of information leaked (email addresses, passwords, credit card information, personal data, etc.)
- When the breach occurred
- Measures taken by the service (forced password reset, session invalidation, etc.)
- Recommended actions for users
Where Does Leaked Data Go?
Understanding how leaked data is exploited helps you judge how urgent your response is. For a comprehensive overview of what happens after an account is compromised, see what happens when you get hacked.

Leaked data generally spreads in stages. First, attackers list the stolen data on dark web marketplaces; according to Chainalysis's 2024 report, the annual transaction volume of data trading markets on the dark web is estimated at over $1.5 billion. The listed data is bought by multiple buyers and used as input lists for credential stuffing attacks. As more time passes, the data is republished as free databases that anyone can download. In other words, the longer it has been since the breach, the more attackers hold your credentials and the greater the risk. When you receive a breach notification, aim to respond within hours, not days.
The Process of Cracking Hashed Passwords
If password hashes were leaked, attackers may be attempting offline cracking. Hashing converts a password into a fixed-length string with a one-way function, so the hash cannot be mathematically reversed to recover the password. In practice, though, attackers do not reverse anything: they guess candidate passwords, hash each one, and compare the result with the leaked hash. Precomputed lookup tables (rainbow tables) are effective against unsalted hashes, and GPU-driven dictionary and brute-force attacks work even when a per-user salt is present.
The difficulty of cracking depends heavily on the hash algorithm. Older general-purpose hashes such as MD5 and SHA-1 are fast by design: a single modern GPU (an NVIDIA RTX 4090) can test roughly 164 billion MD5 candidates per second, so every 8-character alphanumeric password (62^8, about 2.2 × 10^14 candidates) can be exhausted in about 20 minutes. Password hashing functions such as bcrypt and Argon2 are intentionally slow (key stretching) and, in Argon2's case, memory-hard, which holds the same GPU to on the order of tens of thousands of guesses per second at typical cost settings. Because the breached service rarely discloses which algorithm it used, or whether the hashes were salted, assume the worst case and change your password promptly.
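The following example, added here and not part of the original article, works the numbers above and runs a small offline dictionary attack against a leaked hash. The guess rates are assumptions in the range of published single-GPU benchmarks; swap in your own figures. bcrypt and Argon2 are not in Python's standard library, so PBKDF2-HMAC-SHA256 from hashlib stands in for the slow, salted algorithm, and the wordlist is a constructed stand-in for a leaked-password dictionary.

```python
"""Added example (not from the original article): fast unsalted hash versus
slow salted KDF under offline cracking. Rates and wordlist are assumptions."""
import hashlib
import secrets

# Assumed guesses per second on one high-end consumer GPU (order of magnitude).
GUESS_RATE = {"md5": 164e9, "bcrypt": 2e5, "argon2id": 1e4}
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, algorithm: str) -> float:
    """Time to exhaust every candidate at the assumed rate for `algorithm`."""
    return keyspace(alphabet_size, length) / GUESS_RATE[algorithm]


def md5_hex(password: str) -> str:
    """Unsalted MD5, as an older service might have stored it."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_salted(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Stand-in for bcrypt/Argon2: salted and iterated (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed wordlist standing in for a leaked-password dictionary.
WORDLIST = ["123456", "password", "qwerty", "letmein", "summer2024", "dragon"]


def crack_md5(target_hex: str, wordlist=WORDLIST):
    """Dictionary attack: hash each guess and compare. With no salt, the same
    precomputed table cracks every user who chose that word, on every site."""
    for guess in wordlist:
        if md5_hex(guess) == target_hex:
            return guess
    return None


def crack_slow(target: bytes, salt: bytes, wordlist=WORDLIST):
    """Same attack against the salted, iterated hash. It still succeeds for a
    weak password (which is why you change it regardless of algorithm), but
    each guess costs 600k HMAC operations and the salt forces a fresh run
    per user instead of one table for everyone."""
    for guess in wordlist:
        if slow_salted(guess, salt) == target:
            return guess
    return None


def demo() -> dict:
    """Crack-time estimates plus a cracking run against 'letmein'."""
    salt = secrets.token_bytes(16)
    leaked_md5 = md5_hex("letmein")
    leaked_slow = slow_salted("letmein", salt)
    return {
        # 62^8 alphanumerics against MD5: about 22 minutes
        "alnum8_md5_minutes": worst_case_seconds(62, 8, "md5") / 60,
        # same keyspace against bcrypt: decades
        "alnum8_bcrypt_years": worst_case_seconds(62, 8, "bcrypt") / SECONDS_PER_YEAR,
        # 20 random characters from an 85-symbol alphabet against MD5: effectively never
        "random20_md5_years": worst_case_seconds(85, 20, "md5") / SECONDS_PER_YEAR,
        "md5_cracked": crack_md5(leaked_md5),
        "slow_cracked": crack_slow(leaked_slow, salt),
        # identical unsalted hashes expose users who share a password
        "same_md5_two_users": md5_hex("letmein") == leaked_md5,
        # a different salt yields a different hash for the same password
        "same_slow_two_users": slow_salted("letmein", secrets.token_bytes(16)) == leaked_slow,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the slow hash does not save a weak password: "letmein" falls to both attacks. What the slow, salted algorithm buys is time, and a long random password is what makes the keyspace unreachable at any rate.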
Password Change Priority
Once a breach is confirmed, proceed with password changes in stages. Trying to change everything at once can be overwhelming, so prioritize your response. For details on why password reuse is dangerous, see Why Password Reuse Is Dangerous.
Highest Priority: Password of the Breached Service
First, immediately change the password of the breached service. Generate a password of 20 characters or more including uppercase letters, lowercase letters, numbers, and symbols using Passtsuku.com. For first response guidance after a breach, data breach first response guidebooks (Amazon) are also helpful.
High Priority: Services Where You Reused the Same Password
If you used the same password on other services, change those promptly as well. Attackers feed leaked email and password pairs into credential stuffing tools that try them against many other services automatically, so reused passwords are the greatest risk. According to Verizon's 2024 Data Breach Investigations Report (DBIR), approximately 31% of breaches involved stolen credentials, and password reuse is a major factor in how far the damage spreads.
Medium Priority: Email Accounts
Email accounts deserve particular attention because almost every service sends its password reset links there; whoever controls your mailbox can reset the rest of your accounts. As a precaution, also change the password of the email account registered with the breached service, and if that mailbox shares the breached password, treat it as highest priority.
Normal Priority: Financial Services and Important Accounts
Also check and update passwords for accounts directly related to finances, such as online banking, brokerage accounts, and payment services.
Check Your Breach Status with Have I Been Pwned
Have I Been Pwned (HIBP) is a free service run by security researcher Troy Hunt that lets you check whether your email address or password has been included in past data breach incidents. As of 2024, HIBP has over 14 billion compromised account records registered, covering more than 800 breach incidents.
Using it is easy: visit haveibeenpwned.com and enter your email address to see which breach databases contain it. For each listed breach, compare its date with when you last changed that service's password; if the password has not been changed since the breach, change it immediately.
HIBP also offers a feature called "Pwned Passwords" that lets you check whether a specific password has appeared in past breach data. It uses a technique called k-Anonymity: only the first 5 characters of the password's SHA-1 hash are sent to the API, the API returns every known hash suffix sharing that prefix, and the remaining 35 characters are matched locally, so the password itself never leaves your device. Random passwords generated by Passtsuku.com are extremely unlikely to be in breach databases, but checking provides additional peace of mind. For more on how leaked data is traded on the dark web, see also The Relationship Between the Dark Web and Password Leaks.
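The k-Anonymity exchange described above, as an added example that is not part of the original article or HIBP's own client code. The range endpoint URL and the `Add-Padding` header are the documented public API; the sample response below is constructed so the check runs offline, and the function names are this example's own.

```python
"""Added example (not from the original article): HIBP Pwned Passwords
k-anonymity range query, with an offline stub so it runs without network."""
from __future__ import annotations

import hashlib
import urllib.request
from typing import Callable

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent
    and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Each line is '<35-hex-suffix>:<count>'. When the client sends
    'Add-Padding: true' the server mixes in fake suffixes with count 0,
    which hide the true response size from a network observer."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times `password` appeared in breaches; 0 if unseen."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Real query against the public API. Only the prefix is transmitted."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "breach-response-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response for prefix 5BAA6 (the prefix of "password").
# The first suffix is the real one for "password"; the others are made up
# to mimic padding and neighbouring entries.
SAMPLE_RESPONSE = """1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:0
"""


def fetch_range_sample(prefix: str) -> str:
    """Hypothetical offline stand-in for fetch_range_live."""
    return SAMPLE_RESPONSE if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "kV9#mTq2$xLp7!wRz4@nB"):
        print(pw, "->", pwned_count(pw, fetch_range_sample), "(offline sample)")
```

To check against the live service, pass `fetch_range_live` instead of the stub. Because matching is done on the suffix locally, the server only ever learns that you asked about one of the roughly 2^20 prefix buckets, not which password.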
Verify and Enable Two-Factor Authentication
When a data breach occurs, check the status of two-factor authentication at the same time as changing your password. If it was already enabled, find out whether the breach could have exposed 2FA material such as TOTP secrets or backup codes (for example, a full database dump); if so, remove the old authenticator entry, re-enroll to obtain a fresh secret, and regenerate your backup codes.
If there are services where you have not yet enabled two-factor authentication, take this opportunity to set it up. Even if your password is leaked, having two-factor authentication enabled significantly increases the chances of preventing unauthorized login. For details on how two-factor authentication works and how to set it up, see The Importance of Two-Factor Authentication. To strengthen account protection after a breach, FIDO2 hardware security keys for account protection (Amazon) are also helpful.
A common misconception is that SMS-based two-factor authentication is sufficient, but SMS codes can be intercepted through SIM swap attacks, and such cases are increasing; the FBI reported that SIM swap attack damages reached $48.6 million in 2023. If possible, prioritize authenticator apps (TOTP) or hardware security keys. Comparing phishing resistance by method: SMS is the weakest because codes can be intercepted or redirected; TOTP apps are better, but a code can still be relayed through a real-time phishing proxy within its validity window; FIDO2 security keys offer the highest phishing resistance because the key's response is bound to the genuine site's origin and will not work on a look-alike domain.
Post-Breach Response Checklist
This is a practical checklist to ensure you respond thoroughly when you receive a data breach notification. Follow the items from top to bottom.
- Verify the notification's authenticity on the official website (do not click links in the email)
- Understand the types and scope of leaked information
- Change the breached service's password to 20+ characters using Passtsuku.com
- Identify all services where you reused the same password and change each one individually
- Change your email account password
- Check and update financial service passwords
- Enable two-factor authentication on services where it's not yet set up (TOTP or security key recommended)
- Check your email address breach status on Have I Been Pwned
- If credit card information was leaked, contact your card company to request reissuance
- Check for suspicious login history and account activity
- Save all new passwords in your password manager
Bulk Password Update with Passtsuku.com
When you need to update passwords for multiple services at once, Passtsuku.com's bulk generation feature is useful. Set the generation count to the number of services that need updating and generate passwords all at once.
The recommended procedure is as follows.
- Set Passtsuku.com to 20+ characters with all 4 character types enabled
- Bulk generate passwords for the number of services that need updating
- Save the generated passwords in your password manager
- Change each service's password sequentially according to priority
- Enable two-factor authentication starting from services where changes are complete
All passwords generated by Passtsuku.com are based on cryptographically secure random numbers and are completely different strings for each service. Even if one password is leaked, it will not affect other services.
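As an added illustration of what the procedure above relies on (this is example code, not Passtsuku.com's implementation): a batch generator that draws every character from the operating system's cryptographically secure random source, guarantees all four character classes, and produces a unique password per service. The symbol set, the 20-character default and the service names are assumptions.

```python
"""Added example (not Passtsuku.com's code): bulk generation of unique
CSPRNG passwords that each contain all four character classes."""
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{}:;,.?"   # assumed symbol set; adjust per site policy
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)            # 85 symbols


def generate_password(length: int = 20) -> str:
    """Uniform draw over all strings of `length` that hit every class.

    Each character comes from secrets.choice (CSPRNG, not random.random).
    Rejection sampling keeps the result uniform over the set of compliant
    passwords; 'pick one of each class then shuffle' schemes are not."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_batch(services, length: int = 20) -> dict:
    """One password per service name, guaranteed distinct across the batch.

    Collisions are astronomically unlikely at this length, but the guard
    is cheap and makes the uniqueness property explicit."""
    out, seen = {}, set()
    for service in services:
        pw = generate_password(length)
        while pw in seen:
            pw = generate_password(length)
        seen.add(pw)
        out[service] = pw
    return out


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on entropy for a uniform draw: length * log2(alphabet).
    20 characters from 85 symbols is about 128 bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed list of services awaiting a password change, in priority order.
    todo = ["breached-service", "mail", "bank", "shop"]
    for name, pw in generate_batch(todo).items():
        print(f"{name:18} {pw}")
    print(f"~{entropy_bits(20):.0f} bits per password")
```

The generated values are meant to go straight into a password manager; printing them, as the demo does, is only for illustration.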
Measures to Prevent Recurrence
Once you have finished responding to the data breach, take preventive measures to minimize future damage.
- Use different passwords for all services. Generate individually with Passtsuku.com
- Enable two-factor authentication wherever possible
- Register for Have I Been Pwned notifications to detect new breaches early
- Regularly check for suspicious login notifications and account activity
- If credit card information was leaked, contact your card company to request reissuance
A common misconception is thinking "I'm safe because it's a major service" or "I won't be targeted." Leaked data is rarely exploited by someone targeting you personally; it is fed into automated tools that try every account in the dump at once. Every account in a breach database is equally at risk, so complacency is dangerous.

If the constant cycle of breach notifications and password changes feels exhausting, you are not alone; see our article on security fatigue and burnout for strategies to stay protected without burning out.

The foundation of incident response is advance preparation and swift initial action. Data breaches are difficult to prevent entirely, but proper preparation and a rapid response can keep the damage small. Set a strong, unique password for each service using Passtsuku.com and prepare for potential breaches.
What You Can Do Right Now
- Check whether your email address is in breach lists on Have I Been Pwned (haveibeenpwned.com) and register for notifications
- Immediately change the password of any confirmed breached service to 20+ characters using Passtsuku.com
- Identify all services where you reuse the same password and change each to a unique random password
- Set up two-factor authentication (authenticator app or security key) for your email accounts and financial services
- Adopt a password manager and centrally manage all passwords in an encrypted vault
Frequently Asked Questions
- How can I check if my password has been leaked?
- Enter your email at Have I Been Pwned (haveibeenpwned.com) to see whether it appears in known breaches. To check a specific password, use HIBP's Pwned Passwords search, which sends only a partial hash and never the password itself. Google Chrome's Password Checkup feature can also scan your saved passwords for known leaks.
- What is the first thing to do after receiving a data breach notification?
- After confirming the notification is genuine on the service's own website, immediately change the password for the affected service. If you reused the same password elsewhere, change those too. Then enable two-factor authentication and check for any suspicious login activity.
- What should I do if my credit card information is leaked?
- Contact your card issuer to freeze the card and request a replacement. Review recent statements for unauthorized transactions and file a dispute if needed. Also remove saved card information from online shopping sites.