How to protect yourself after a personal data breach: 5 steps

Matt Gleason

Attackers can use data stolen in breaches — your name, email and physical addresses, phone numbers, government-issued ID, Social Security Number, bank account information, and more — to steal even more sensitive things from you: your identity, online accounts, money, and more.

Every piece of information attackers glean makes it easier, and more likely, for them to acquire more, usually through targeted phishing attacks.

If you suspect or know that your personal information has been compromised, take steps to protect yourself. Better yet, get ahead of the next breach by taking these actions now. Here’s a comprehensive guide on how to respond to — and proactively defend against — the fallout from data breaches, both immediately and long term.

Step 1: Take immediate action

Freeze your credit

Prevent identity theft by freezing your credit at all three major credit bureaus:

This stops new lines of credit from being opened in your name without your authorization.

Strengthen multi-factor authentication (MFA)

Enable MFA on all financial and social media accounts. Avoid SMS-based MFA when possible (it’s more vulnerable); instead, use:

  • App-based authentication (e.g., Google Authenticator)
  • Hardware keys (e.g., YubiKey)
  • Email-based codes (as a fallback)

Also, ask your mobile provider to enable SIM protection features.

Replace your ID

If you can attest or have affirmative proof that a government-issued ID of yours is compromised, visit the ID issuer — such as your local DMV outpost in the case of a state-issued driver’s license — and request a reissuance.

Step 2: Secure your online accounts

Apple iCloud

These features make it significantly harder for attackers to hijack your Apple account.

Google

Passwords

Use a password manager. Recommended options (in order of preference):

  1. Built-in browser-based password managers
  2. Offline tools like KeePass
  3. Third-party services like Bitwarden or 1Password

For passwords you must memorize (like your password vault’s master key), create a secure passphrase. One way to do this is by choosing random words from a book — aim for 4 to 10 words.

Step 3: Lock down your phone

For iPhone Users:

  • Set a custom alphanumeric passcode (e.g., one that is at least 3 words long)
  • Enable Find My iPhone
  • Turn on Stolen Device Protection
  • Require Face ID for sensitive apps (e.g., email, finance, messaging)

For Android Users:

  • Secure your screen lock with a strong passcode or biometric
  • Enable Find My Device
  • Activate Theft Detection Lock and Identity Check if available (features may vary by phone brand)

Step 4: Stay vigilant against social engineering

You may become a target of scams. Watch for:

  • Loss of access to accounts
  • Suspicious login notifications
  • Unsolicited texts or calls from financial institutions or others

Best Practices:

  • Never click on links in suspicious emails or texts
  • Don’t give out personal information over the phone
  • Visit official websites directly to verify alerts
  • If a supposed company representative calls you, ask for a case number, hang up, and call the company back using its official customer support number

Step 5: Monitor your social media accounts

Some services have a mandatory lockout period after an account has been reset through customer service. If you suspect your account may be compromised:

  • Confirm access at least once every 24 hours to retain control
  • If locked out, contact support immediately (e.g., Facebook, Instagram, Snapchat, TikTok, X)
  • If you’re part of an organization, loop in your information security team to help escalate the issue

***

If your data was exposed, you are now a potential target. But taking these steps can dramatically reduce your risk:

  • Harden your accounts
  • Lock down your phone
  • Stay alert to scams and suspicious behavior
  • Act quickly if something feels off

Cybersecurity is no longer optional — it’s a necessity. Following these five steps can help keep you protected.

***

Matt Gleason is a security engineer for a16z crypto, helping portfolio companies with their application security, incident response, and other audit or security needs. He has conducted audits, and found and helped fix critical vulnerabilities in code prior to project deployment on many different projects.
