Incident Recovery · Home Users · 10 min read · Updated June 2026

What to Do After Being Hacked — Your Complete Recovery Guide

Being hacked is stressful. But most incidents are recoverable if you act systematically. This guide walks you through everything — from the first actions in the first hour, to the steps that protect you long-term.

Work through it in order. Each step builds on the last.

In the First Hour

Step 1 — Stay Calm and Assess What Happened

Before doing anything, take a moment to understand the scope. Ask:

  • Which account or device was affected?
  • What information might the criminal have accessed? (Passwords? Financial details? Personal data?)
  • Did you click a link, download something, or receive an unexpected login notification?

Understanding what happened helps you prioritise your response.

Step 2 — Secure Your Email Account First

Your email account is the master key. If it is compromised, a criminal can reset every other password. Secure it before anything else:

1. Log in and change your password immediately
2. Enable two-factor authentication
3. Check for forwarding rules you did not create (Settings → Rules/Filters) and delete them
4. Review active sessions and remove any unrecognised devices

Step 3 — Change Passwords on All Affected Accounts

For every account that was compromised — or that shares the same password:

1. Change the password to something strong and unique
2. Enable two-factor authentication
3. Check account activity for anything you do not recognise

Start with the highest-value accounts: banking, email, Apple ID / Google account, social media.

Step 4 — Contact Your Bank Immediately If Financial Data Was Involved

If any banking details, card numbers, or payment information may have been accessed or used, call your bank now. Use the number on the back of your card. Ask them to:

  • Review recent transactions
  • Flag any suspicious activity
  • Freeze or replace your card if necessary


In the First 24 Hours

Step 5 — Run a Full Security Scan on All Your Devices

Use a reputable security tool:

  • Windows: Windows Security → Full Scan
  • Mac: Malwarebytes free version (malwarebytes.com)
  • Android: Malwarebytes or Bitdefender
  • iPhone: Review Settings → Privacy & Security → App permissions. Malware is rare on iOS.

Remove any apps or files you do not recognise.

Step 6 — Check Whether Your Information Has Been Exposed

  • haveibeenpwned.com — enter your email address to see if it appears in known data breaches
  • Your bank and credit card statements — look for small unfamiliar charges over the last 30–60 days

Step 7 — Report What Happened

Reporting helps others avoid the same attack and creates a record that may support any financial claim:

  • Action Fraud: actionfraud.police.uk or 0300 123 2040 — for any cybercrime or financial fraud
  • Your bank's fraud team — if financial accounts were involved
  • NCSC Suspicious Email Reporting Service: report@phishing.gov.uk — if a phishing email was the cause

For full reporting guidance, see: How to Report a Cyber Attack or Data Breach →

In the First Week

Step 8 — Audit All Your Accounts

Go through every online account you use — shopping sites, streaming, forums, work tools — and for each one:

1. Is the password strong and unique? If not, change it.
2. Is two-factor authentication available? If so, enable it.
3. Are there any unrecognised saved payment methods? Remove them.

A password manager makes this process manageable. Bitwarden is free, open-source, and trusted by security professionals.

Step 9 — Check Your Credit File

If you believe your personal information was exposed, check your credit file for any fraudulent applications in your name. All three UK credit reference agencies offer free credit reports:

  • Experian: experian.co.uk
  • Equifax: equifax.co.uk
  • TransUnion: transunion.co.uk

Step 10 — Consider Protective Registration

If your identity has been used fraudulently, CIFAS Protective Registration (£25 for two years at cifas.org.uk) flags your file so lenders must take extra verification steps before approving credit in your name.

Long-Term Protection

Once the immediate recovery is complete, put these habits in place permanently:

Use a password manager

Bitwarden (free) means every account has a unique, strong password — and you only need to remember one master password.

Enable 2FA on everything

Especially email, banking, and social media.

Keep devices and apps updated

Security updates close the vulnerabilities criminals exploit.

Check haveibeenpwned.com periodically

Or enable breach alerts if your email provider supports them.

Frequently asked questions

How do I know if my personal data has been stolen?

Check haveibeenpwned.com to see if your email address appeared in a known breach. Also check your credit file for any applications you did not make, and monitor your bank statements for unfamiliar charges.

Do I need to report a hack to the police?

Report cybercrime to Action Fraud (not your local police station) at actionfraud.police.uk. Action Fraud is the UK's national reporting centre for fraud and cybercrime and routes reports to the National Fraud Intelligence Bureau.

How do I make sure it does not happen again?

The three most important steps are: use a different strong password for every account (use a password manager), enable two-factor authentication on all important accounts, and keep your devices and software updated. A Cyber Nova AI free account gives you a personalised checklist covering all of these for your specific situation.
