If you've received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. We've put together some tips which should help you when the (more or less) inevitable happens.
Every breach is different, so check the company's official channels to find out what's happened and what data has been breached. Organizations often put out a rolling statement on their website, blog, or X (Twitter). Follow any specific advice they offer first, and keep an eye out for any further communications.
If your password has been caught up in a breach, you should immediately change it. If you've used the same password on another site or service then you also need to change that. Cybercriminals will often try one password on multiple sites because they know people reuse them, so make sure you use a different password for every single site you have an account on. If you don't already use one, it's worth considering a password manager, which will generate and store passwords for you so you don't have to remember them all in your head.