Data Breach News & What to Do When You're Affected
Data breaches are now a daily reality. From small companies to massive corporations, attackers are constantly stealing user data. This page provides updates on major breaches and gives you the actionable steps you must take to protect yourself.
Recent Data Breach News (2024-2025)
It's crucial to know if your data has been involved in a recent incident. Here are some of the significant breaches that have been disclosed:
- AT&T: Experienced multiple breaches, including one in 2024 that exposed the data of over 70 million customers, including Social Security numbers.
- CDK Global: A massive cyberattack in mid-2024 on the software provider crippled car dealerships across North America, highlighting supply chain vulnerabilities.
- Ticketmaster: Admitted to a major breach in May 2024 after a hacking group claimed to have stolen the data of 560 million users.
- Wojeski & Company: This accounting firm agreed to a settlement in October 2025 after failing to protect client data, including SSNs, in two separate breaches.
What to Do Immediately After a Data Breach
If you receive a notice that your data was stolen, or you suspect it, take these steps immediately. Do not wait.
Your 5-Step Action Plan
- Change Your Passwords: Immediately change the password for the affected account. If you reused that password anywhere else (a bad practice!), change it on those accounts, too. Make every password unique.
- Enable Two-Factor Authentication (2FA/MFA): This is your single best defense. It adds a second layer of security (like a code from your phone) that stops a hacker even if they have your password.
- Place a Fraud Alert or Credit Freeze:
- A Fraud Alert is free and lasts for one year. It tells lenders to take extra steps to verify your identity.
- A Credit Freeze is the strongest option. It's free and locks your credit file, preventing anyone from opening a new line of credit in your name.
- Monitor Your Accounts: Keep a close eye on your bank, credit card, and other financial statements for any suspicious activity. Report any fraudulent charges immediately.
- Watch Out for Phishing: Scammers will use the leaked information to target you with highly convincing phishing emails. Be extra suspicious of any unsolicited emails that ask for personal information or create a sense of urgency.
What Is a Company's Responsibility in a Breach?
While consumers must be defensive, companies have a legal and ethical duty to protect data. Their response is critical.
- Containment: Their first priority is to stop the breach and secure their systems.
- Investigation: They must conduct a forensic investigation to determine what happened, what data was taken, and who was affected.
- Notification: Businesses are legally required to notify affected individuals and regulatory bodies (like the ICO in the UK or state attorneys general in the U.S.) without "undue delay."
- Transparency: The notification should be clear, not buried in legal jargon. It must state what data was stolen and what specific risks you face.
- Remediation: They should offer solutions, such as free credit monitoring, to help victims protect themselves.