I received a data breach notification

Go to haveibeenpwned.com and enter your email address — confirm your email appears in the reported breach

Go directly to the company's official website and look for a security or news announcement — don't click links in the notification email

Settings → See all settings → Forwarding and POP/IMAP → check for forwarding addresses you didn't set up

Settings → See all settings → Filters and Blocked Addresses → delete any filters you didn't create

myaccount.google.com → Security → Your devices → remove anything unfamiliar

myaccount.google.com → Security → Third-party apps with account access → revoke anything you don't recognize

Log in to your carrier account — check for SIM changes, new lines, or number port requests you didn't make

Enable account lock or port-out PIN: AT&T 'Extra security', Verizon port-out PIN, T-Mobile 'Account Takeover Protection'

Screenshot the breach notification email — don't delete it

Screenshot any fraudulent accounts, transactions, or records you find

Keep a log: date, what you found, what you did, who you spoke to, reference numbers from calls

File a police report if identity theft has occurred — get the case number. You'll need this to dispute fraudulent accounts.

Set up credit monitoring — many breach notifications include free monitoring; also available free at Credit Karma or through your credit card issuer

Check your credit report every few months at annualcreditreport.com

Watch for unexpected bills, collection calls, or unfamiliar accounts appearing

Be more skeptical of phishing attempts — your email is now in more databases