Skip to main content
All of CanadaUpdated April 2026

I received a data breach notification. What do I do?

Step-by-step response when an organization tells you your information has been compromised.

TL;DR

Read the notification carefully, take the protective steps suggested (password changes, MFA, fraud alerts), document what you did, and file a complaint with the OPC or provincial commissioner if the response was inadequate.

Immediate steps

Within the first 24 hours:

  • Change passwords on any affected account and enable multi-factor authentication.
  • If financial data was involved, call your bank and credit card companies.
  • Place fraud alerts on your credit files with Equifax and TransUnion.
  • Save the notification and take screenshots of any related emails.

Follow-up steps

Within the first week:

  • Monitor bank and credit card statements closely for at least 12 months.
  • Sign up for free credit monitoring if offered by the organization.
  • Consider adding a fraud alert renewal reminder to your calendar (alerts typically last 12 months).

If the response is inadequate

File a complaint with the OPC or applicable provincial commissioner. You may also have a civil claim (intrusion upon seclusion) or class-action rights depending on the circumstances.

Related topics

Ask AI