What to do if your email is in a data breach
UK guide · 6 minute read
Finding your email in a breach is uncomfortable, but the steps to recover are short and practical. This guide walks through what to do in the first hour, the first day, and over the following week. Everything below works for personal accounts and small business accounts in the UK.
Step 1 — Confirm what was exposed
Before you change anything, you need a clear list of which services have leaked your data and roughly when. A quick exposure check shows you the breach count and source types in seconds.
Run a free check on the AICS homepage. You will see how many breach sources contain your email, the year of each breach, and the type of service that was hit. Make a note. You will work through the list in the following steps.
Step 2 — Change the password on the affected account
Start with the breached service itself. Sign in, change the password to something you have not used anywhere else, and sign out of all sessions if the service offers that option (most do — look in account settings).
If you cannot remember your login or have not used the service for years, do not just ignore it. Attackers buy old credentials specifically because people reuse them. Either delete the account or set a new password and walk away.
Step 3 — Stop reusing passwords
The reason a single breach can take down half your accounts is password reuse. Attackers run leaked credentials against banks, email providers, and shopping sites automatically — a technique called credential stuffing. The fix is a password manager.
Use one of Bitwarden, 1Password, or Apple Passwords / Google Password Manager. Let it generate a unique password for every account. You only have to remember one master password from then on.
Step 4 — Turn on two-factor authentication
Two-factor authentication (2FA) adds a second check at sign-in — usually a code from an app or a hardware key. Even with your password in hand, an attacker cannot get in without the second factor.
Prioritise: your primary email, your password manager, your bank, and any account that holds payment details. Use an authenticator app (Authy, 1Password, Google Authenticator) over SMS where possible. SMS 2FA is better than nothing but is vulnerable to SIM-swap attacks.
Step 5 — Watch your bank and email
For the next 30 days, scan your bank and credit card statements for charges you did not make. Most fraud starts small — a £1 charge to test the card, then a larger one days later. Report anything unfamiliar to your bank straight away.
Check your primary email for sign-in alerts, password reset emails you did not request, and unusual filter or forwarding rules. Attackers often add a hidden forwarding rule to copy your incoming email to themselves while you remain unaware.
Step 6 — Set up ongoing monitoring
New breaches are discovered every week. A single check tells you about today; ongoing monitoring tells you the moment something new happens. AICS Membership re-checks your email monthly against newly added breach sources, runs a dark web database search, and includes a phishing email analyser and a virus and URL scanner.
You can also keep an eye on how AICS protects your data and read the full Privacy Policy to understand what we do and do not store.
Frequently asked questions
How do I know which password was exposed?
Should I tell my bank if my email was in a breach?
Can I remove my data from a breach?
Run a free check now
Find out which breach sources contain your email in seconds. No signup required.