Data Breach: What it is, what to do, and simple ways to protect your accounts

Data Breach

What it is

A data breach is when someone gets into a company’s systems without permission and steals sensitive info—customer names, emails, passwords, payment details, medical records, and more. For an overview, see our data breach guide.

How it happens

  • Phishing or stolen passwords

  • Unpatched apps or exposed databases

  • Malware on an employee device

  • Third-party vendor with weak security

What you might notice

  • Emails about password resets you didn’t request

  • Strange logins or charges on your accounts

  • Notifications from a company saying your data was involved

If you get a breach notice 

  1. Change your password for that site (and anywhere you reused it); turn on MFA.

  2. Watch your accounts: set alerts for bank/credit and enable sign-in notifications.

  3. Check whether your email address appears in known breaches, and rotate old passwords.

  4. If payment data was exposed, freeze or replace the card and consider a credit freeze.

Prevent the next one 

  • Use a password manager and unique passwords everywhere.

  • Turn on MFA (app or security key) for important accounts.

  • Be cautious with links/attachments; verify urgent requests out of band.

  • Keep your devices and browser updated.
