What to do if you’re hacked.

A step-by-step guide for what to do if your account gets hacked or your identity is stolen.

1. Immediate Actions to Secure Your Accounts

Take these steps as soon as you suspect a hack.

A. Lock Down the Affected Account

• Change your password(s) immediately from a secure device.

  • Use a strong password with at least 12 characters, mixing upper/lowercase, numbers, and symbols.

  • Do NOT reuse passwords from other accounts.

• If you can’t access the account, use the “Forgot Password” or “Recover Account” option.

• If recovery doesn’t work, contact the service provider (e.g., bank, email, social media) and report the hack.

B. Enable Two-Factor Authentication (2FA)

• Add 2FA to every account, starting with:

  • Email

  • Banking and financial accounts

  • Password manager

  • Cloud storage (Google Drive, iCloud, Dropbox, etc.)

• Use an authenticator app (such as Google Authenticator) instead of SMS for enhanced security.

C. Disconnect Devices

• Log out of all sessions remotely (most platforms allow this in account settings).

• Reboot or perform a factory reset on devices if you suspect malware.

2. Check for Identity Theft

If hackers had access to sensitive data, such as Social Security numbers, bank accounts, or driver’s license information, it would be treated as identity theft.

A. Place a Fraud Alert

• Contact one of the three credit bureaus (they must notify the others):

  • Equifax: 1-800-525-6285

  • Experian: 1-888-397-3742

  • TransUnion: 1-800-680-7289

• This makes it harder for criminals to open new accounts in your name.

B. Freeze Your Credit (it’s easy and free)

• Freezing your credit prevents anyone from opening new credit lines in your name.

• Contact each bureau separately to freeze (and later unfreeze) your credit.

C. Review Your Credit Reports

• Get a free report from AnnualCreditReport.com.

• Look for:

  • Unknown accounts

  • Credit inquiries you didn’t authorize

  • Suspicious activity

3. Secure Your Finances

If banking or payment accounts were involved:

A. Contact Your Bank or Credit Card Company

• Report fraud and freeze or close compromised accounts.

• Request a new card and account number.

• Ask about fraud liability protections and reimbursement.

B. Watch for Unauthorized Transactions

• Check statements daily for at least 30 days.

• Set up text alerts for any transactions.

C. Update Linked Accounts

• Update your PayPal, Venmo, Zelle, Apple Pay, or similar accounts.

• Remove compromised payment methods.

4. Protect Your Email

Your email is a gateway to other accounts. If it’s hacked:

• Change the password immediately.

• Look for forwarding rules or filters that hackers may have set to receive copies of your messages secretly.

• Check for any linked recovery emails or phone numbers you don’t recognize and remove them.

5. Secure Your Devices

Hackers often plant malware to maintain access.

• Run antivirus scans on all computers and phones.

• Consider factory resetting a compromised device.

• Update all operating systems and apps to their latest versions.

• Remove unknown apps or browser extensions.

6. Report the Incident

Reporting helps track fraud and provides documentation for legal or financial recovery.

Where to Report Identity Theft:

• FTC (Federal Trade Commission): IdentityTheft.gov – creates a recovery plan.

• Local police department: File a police report if:

  • You know the thief

  • There are fraudulent accounts opened

  • Your bank or insurance company requires it

Report to Relevant Companies:

• Social media platforms

• Email providers

• Banks and lenders

• Utility companies if your accounts were compromised

7. Update Security Across All Accounts

• Review all accounts connected to the hacked one.

• Update passwords everywhere. Consider using a password manager (LifeLock).

• Remove old apps or accounts you no longer use.

8. Monitor for Ongoing Threats

Identity theft can linger for months.

• Set up credit monitoring through your bank or a service like LifeLock or Aura.

• Check your credit report every few months.

• Monitor medical insurance claims for fraudulent charges.

9. If Your Social Security Number Was Compromised

• Contact the Social Security Administration: 1-800-772-1213.

• If someone files taxes in your name:

  • Call the IRS Identity Protection Unit: 1-800-908-4490.

  • File IRS Form 14039 (“Identity Theft Affidavit”).

10. Build a Long-Term Prevention Plan

• Regularly update passwords and review account activity.

• Use a dedicated email address for financial accounts only.

• Shred sensitive paper documents before disposal.

• Stay cautious of phishing emails and scam calls.

Check out my free resources on staying safe online.