Emergency plan: What to do if you've been hacked

Emma McGowan 3 Nov 2022

It can feel embarrassing to be the victim of a crime but, remember: It’s so, so common.

Your family has a plan in case of a fire. You might have one for earthquakes, or other natural disasters. And, these days, it’s a good idea to also have a plan for what you’re going to do if you’ve been hacked. 

Because, believe it or not, it’s much more likely that you or a loved one will be the victim of a data breach, phishing attack, romance scam, or one of the many other cyber crimes that we colloquially call “hacks” these days. According to the FBI’s 2021 Internet Crime Report, there were nearly 850,000 filed complaints of “hacks” in 2021, for a total of nearly $7 billion lost. In comparison, there were about 338,000 home structure fires that same year.

Yikes! With that in mind, we wanted to provide you with a short and sweet emergency plan for what to do if you (or a loved one) have been hacked. Print it out, pin it next to your computer, place it on the fridge, or file it away somewhere handy to ensure that if you’re a victim of a cyber crime, you know what to do.

1. Change your passwords. 

The first move after being a victim of a cyber crime is to change your passwords. Start with the service that was immediately affected, then branch out to other sites, apps, or services where you’ve used that same password. If you still have some steam, continue on to other accounts and change those passwords as well.

One tool that really helps with creating, remembering, and changing secure passwords is a password manager. Download one and start using it ASAP.

2. Enable two-factor authentication.

While you’re in there changing passwords, be sure to enable two-factor authentication (TFA), if it’s available. TFA requires that you input not only your password but also another authenticating factor (like a code that’s been texted to you) in order to access an account. This adds another layer of security onto your accounts, because the cyber criminals who got ahold of your password likely don’t have access to your text or email, making it impossible for them to log in again.

3. Call your bank.

When any account has been compromised, it’s possible that your bank (and other financial institutions) accounts might be compromised. Contact your bank ASAP to let them know what happened and that they should be on the lookout for any suspicious activity.

4. Tell friends and family. 

It can feel embarrassing to be the victim of a crime but, remember: It’s so, so common. Letting your friends and family know what happened to you not only helps them be aware of similar scams themselves, but also alerts them that they need to be on the lookout in case they receive a weird message from “you.”

5. Report the incident to the Federal Trade Commission (FTC). 

It can be difficult to prosecute cyber crimes after they’ve happened, but letting the FTC know what happened helps them prevent more crimes in the future. 


Take our cyber awareness quiz and learn how you can navigate discussions with your family around  the complexities of technology and digital threats. What's more, download our online safety checklist (PDF) for a quick guide to better online safety.

--> -->