Hour 0-24 checklist
Confirm each item:
- Read the breach notification and identify what data was exposed.
- Change the password for the affected account and any account using the same password.
- Enable multi-factor authentication (MFA) on affected accounts.
- Call your bank and credit card companies if financial data was involved.
- Take a screenshot of the breach notification and save it.
- Save the notification email in a dedicated folder.
Day 1-7 checklist
Follow-up actions:
- Place a fraud alert on your Equifax credit file (equifax.ca).
- Place a fraud alert on your TransUnion credit file (transunion.ca).
- Sign up for any free credit monitoring offered by the breached organization.
- Order a free credit report from both bureaus and review each for unauthorized activity.
- If you see suspicious activity, report it to the Canadian Anti-Fraud Centre (1-888-495-8501).
- If fraud has occurred, file a police report and get a case number.
Long-term monitoring
For the next 12-24 months:
- Check credit card and bank statements monthly.
- Watch for new account notifications.
- Renew fraud alerts annually (they typically expire after 12 months).
- Keep records of all time and expenses related to the breach (these may be recoverable in a class action).
Legal follow-up
If the organization's response is inadequate, file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or the applicable provincial commissioner.
Watch for class actions related to the breach. Check CanLII for certified classes.
Consider consulting a privacy lawyer if damages are significant.