So, another company got hacked. Your inbox lights up with a “We care about your privacy” email, and suddenly you’re wondering if some hacker in a basement has your phone number, home address, and your old Yahoo password from 2013. (Spoiler: they probably do.)
We’re living in an era where personal data leaks are as common as weekly app updates. It’s not if your info’s been exposed—it’s how many times. But even in this breach-a-minute reality, most people still freeze when it gets personal.
Let’s walk through what to actually do when a company you used gets hacked, how to tell if it affects you, and how to stay a step ahead of the next phishing scam dressed in fake concern.
If you’ve used the internet in the last decade, your data has probably leaked at least once. Sometimes it’s harmless (an old email tied to a forgotten forum). Other times, it’s high-stakes—like the breach at a payroll provider where names, salaries, and bank accounts were exposed.
Recently:
- Adidas said hackers stole customer service data (no passwords, but still personal info).
- UK legal aid applicants had records going back to 2010 accessed.
- Big names like the Co-op and Marks & Spencer faced disruptions after similar incidents.
These aren’t fringe sites. These are major brands. So the first rule? Don’t assume you’re immune.
If a breach makes the news, companies usually send emails to impacted users. Sometimes the notice goes to everyone “just in case.” Other times, it goes only to people whose data was definitely accessed.
Read it. Even if it’s boring. It usually tells you:
- What was stolen (email, phone number, maybe more)
- Who it affects (not everyone gets hit equally)
- What to do next (password changes, fraud alerts, free monitoring)
In Adidas’s case, it was just users who had contacted customer service. Still, that detail helps you decide how worried to be—and what to do next.
Bonus tip: If they offer free credit monitoring or ID theft protection, accept it. That’s not spam—that’s your only freebie in this whole mess.
If the breached platform is something you use (or used), update your password now. Especially if you’ve reused that password on other accounts. (No shame—just fix it.)
Security basics:
- 12+ characters
- Mix of upper/lowercase, numbers, symbols
- No pet names, birthdays, or “password123” disasters
The UK’s National Cyber Security Centre suggests using three random words strung together—like PizzaDuckSunflower!9. It’s weird. It’s effective.
If remembering dozens of unique passwords sounds impossible, it is. That’s why password managers exist. Bitwarden, 1Password, even your browser’s built-in one—anything beats Post-It notes or reusing the same “qwerty123”.
Passwords are breakable. Two-factor authentication (2FA) makes it way harder for anyone to get into your accounts—even if they somehow have your password.
Here’s how it works:
- You enter your password.
- Then you’re asked for a code—usually sent to your phone or generated by an app like Google Authenticator or Authy.
Pro tip: Use app-based codes, not SMS, when possible. SIM-swap scams are real, and they’re targeting people just like you.
Turn on 2FA for:
- Banking apps
- Social media
- Any service that supports it
It adds one extra tap—and blocks 99% of automated attacks.
Here’s the wild part: scammers love real cyberattacks. Why? Because they can piggyback off the headlines and send fake emails pretending to be from the breached company.
They’ll say things like:
- “Click here to confirm your details.”
- “Reset your password urgently.”
Sometimes, they’ll even have some real info about you (like your name or email) to make it look legit. That’s why it works. If you weren’t expecting an email? Don’t click links. Go to the company’s official website and log in there directly.
Marks & Spencer, for example, had to warn customers not to trust messages asking for login info—because those didn’t come from them. When in doubt, delete the message and contact the company on your own.
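The "don't click, go to the official site" rule can also be applied mechanically to a message body. This added example (not part of the original article) lists every link in an HTML email that does not lead to the company's real domain over HTTPS; the domain names, the sample email, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def is_official(host, official):
    """True only for the official domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def suspicious_links(html_body, official):
    """Return (href, reason) for each link that does not lead to `official`."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if is_official(host, official) and parts.scheme == "https":
            continue
        if is_official(host, official):
            findings.append((href, "official host but not https"))
        elif official in host or official in (parts.username or ""):
            findings.append((href, "official name used as decoration on another host"))
        else:
            findings.append((href, "unrelated host"))
    return findings


# Constructed sample body; every domain is a reserved example name.
SAMPLE = """<a href="https://retailer.example.account-check.test/reset">Reset your password urgently</a>
<a href="https://retailer.example@login.test/confirm">Click here to confirm your details</a>
<a href="http://retailer.example/offer">Claim your free monitoring</a>
<a href="https://help.retailer.example/incident">Read our statement</a>"""

if __name__ == "__main__":
    print(*suspicious_links(SAMPLE, "retailer.example"), sep="\n")
```

The first two sample links show why reading the start of a URL is not enough: the real host is whatever comes last before the first slash, after any `@`.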
This is the long game. If your name, ID number, bank account, or salary info was leaked, fraudsters might try to open loans or credit cards in your name—months later.
To catch that early, monitor your credit.
Free tools:
- Credit Karma
- ClearScore
- Some banks also offer credit alerts
These let you check your report for strange activity, like:
- Applications for loans you didn’t make
- Missed payments on accounts you never opened
- A sudden drop in your credit score
If your employer was hacked, or a financial institution you use was breached, this step is mandatory. It’s not about panic. It’s about catching fraud before it becomes debt.
We all love one-click checkout. But saving your payment info with every site is a risk multiplier. Some websites don’t store your card info directly—they use third-party payment processors. But if those get breached? Your info’s still in play.
Best practice:
- Don’t save your card unless it’s a site you use regularly
- Uncheck that box at checkout
- Clear stored cards from your accounts occasionally
Yes, it’ll take 30 extra seconds next time you shop. But it reduces the number of places hackers could find your financial data.
Not all scams come through email. WhatsApp, Instagram, and even TikTok DMs are breeding grounds for scams—especially after big leaks.
Example: the “Hi Mum” scam.
A fraudster texts pretending to be your child, says they’ve got a new phone, and claims they urgently need money for a bill or to reset their online banking.
Real story. Real losses. And it often starts with data from a breach. Take a beat before sending money—especially if the message feels off. Call or voice-note the person. Verify it’s really them. Urgency is a scammer’s favorite weapon. Don’t fall for it.
We’re not saying you should go off-grid, delete your socials, and live in a yurt. But you do need to treat your data like something worth protecting—because it is.
Breach survival checklist:
- Read the breach email (yes, even the boring parts)
- Change your passwords
- Turn on 2FA
- Don’t click sketchy links
- Monitor your credit
- Don’t store card details everywhere
- Verify messages before sending money
This isn’t about fear. It’s about digital hygiene—like brushing your teeth, but for your data.
Hackers are gonna hack. Companies are going to get caught flat-footed. But you? You can be the person who knows exactly what to do next. So when the next “We take your privacy seriously” email hits, you won’t panic. You’ll act. Because in a world where your data leaks more than your reusable water bottle, staying safe isn’t about perfection—it’s about paying attention.