How to Check If Your Data Has Been Breached (Free Tools + Next Steps)
In 2025, a record 3,322 data breaches were reported in the United States, with 278.8 million victim notification letters sent out. The average cost of a US data breach reached $10.22 million. Financial services alone accounted for 739 compromises; healthcare saw 534.
If you have an email address, a phone number, or an online account, there is a meaningful probability that your data has already been exposed. The question is not whether to check — it is how.
This guide walks you through three free tools you can use right now to check if your personal data has appeared in known breaches, and what to do if it has.
Tool 1: Have I Been Pwned (HIBP)
Website: haveibeenpwned.com
Have I Been Pwned, created by security researcher Troy Hunt, is the most widely used breach-checking tool. It indexes data from publicly disclosed breaches and lets you search by email address or phone number.
How to use it
- Go to haveibeenpwned.com.
- Enter your email address in the search field and click "pwned?"
- The site will display a list of breaches your email appeared in, along with the types of data exposed (passwords, IP addresses, physical addresses, etc.).
- Scroll down to review each breach. HIBP provides the breach date, the number of accounts affected, and the specific data types compromised.
- To check a phone number, enter it in international format (e.g., +15551234567).
What to look for
Pay close attention to breaches that exposed passwords or password hashes. If you reused that password anywhere, every account using it is now vulnerable.
Also note breaches exposing security questions and answers, which are often reused across services and cannot be changed as easily as passwords.
Additional feature: Notify Me
Click "Notify me" and enter your email to receive automatic alerts if your address appears in future breaches. This is free and requires no account creation.
Tool 2: Mozilla Monitor
Website: monitor.mozilla.org
Mozilla Monitor (formerly Firefox Monitor) is built on the same HIBP database but adds a guided remediation workflow. It is particularly useful if you want clear instructions on what to do after finding a breach.
How to use it
- Go to monitor.mozilla.org.
- Sign in with a Mozilla account (free to create) or enter your email address.
- Mozilla Monitor will show you a dashboard listing your breaches, categorized by severity.
- For each breach, Mozilla Monitor provides specific recommended actions: change this password, enable two-factor authentication on that account, monitor this credit report.
Why it is useful
Mozilla Monitor excels at turning raw breach data into actionable steps. Where HIBP tells you what was exposed, Mozilla Monitor tells you what to do about it. The dashboard also tracks your progress as you resolve each breach.
The free tier covers one email address. Mozilla also offers Monitor Plus, a paid tier that includes data broker monitoring and removal — though with limited broker coverage compared to dedicated removal services.
Tool 3: DeHashed
Website: dehashed.com
DeHashed is a search engine for leaked databases. Unlike HIBP, which searches by email only, DeHashed lets you search by name, username, IP address, phone number, and even physical address. This makes it a more powerful tool for understanding the full scope of your exposure.
How to use it
- Go to dehashed.com.
- Create a free account (required for searching).
- Enter a search query — your email, name, phone number, or username.
- DeHashed returns matching records from leaked databases, showing which database the record came from and what data fields were exposed.
What makes DeHashed different
DeHashed searches across the dark web and underground data dumps that HIBP may not index. It is particularly valuable for finding exposures tied to your name or phone number rather than just email.
The free tier provides limited search results. Paid plans unlock full results and API access. For a quick check of whether your data is circulating in leaked databases, the free tier is sufficient.
Important note: DeHashed shows raw data from breaches. If you see passwords listed in plaintext, that breach exposed your actual password without hashing — change it immediately everywhere you used it.
What to Do If You Find Breaches
Finding your data in breaches is common. The 2025 breach statistics — 3,322 incidents, 278.8 million notifications — mean that most adults with online accounts have been affected. The important thing is what you do next.
Step 1: Change compromised passwords immediately
For every breach that exposed a password:
- Change the password on the breached service
- Change it on every other service where you reused that password
- Use a unique, randomly generated password for each account going forward
- Use a password manager (Bitwarden, 1Password, or your browser's built-in manager) to handle the complexity
Step 2: Enable two-factor authentication (2FA)
Turn on 2FA for every account that supports it, prioritizing:
- Email accounts (these are the keys to your other accounts)
- Financial accounts (banking, investment, payment services)
- Social media accounts
- Cloud storage (Google Drive, Dropbox, iCloud)
Use an authenticator app (Google Authenticator, Authy) rather than SMS-based 2FA when possible. SMS can be intercepted through SIM-swapping attacks.
Step 3: Freeze your credit
Contact all three credit bureaus to place a security freeze:
- Equifax: equifax.com/personal/credit-report-services/credit-freeze
- Experian: experian.com/freeze
- TransUnion: transunion.com/credit-freeze
A credit freeze is free, prevents anyone from opening accounts in your name, and can be temporarily lifted when you need to apply for credit. If your Social Security number, date of birth, or address was exposed in a breach, this step is essential.
Step 4: Monitor your financial accounts
Review bank and credit card statements for unauthorized charges. Set up transaction alerts with your bank so you are notified of activity in real time. Check your credit report at annualcreditreport.com — you are entitled to free weekly reports from all three bureaus.
Step 5: Watch for phishing attempts
After a breach, attackers often use the exposed data to craft convincing phishing emails. If a breach exposed your name, email, and the service you used, expect emails that reference the service by name and attempt to get you to click a link or enter credentials.
Be skeptical of any email asking you to "verify your account" or "reset your password" — go directly to the service's website rather than clicking links in emails.
Free Tools Are a Starting Point — Not a Complete Solution
HIBP, Mozilla Monitor, and DeHashed are excellent for checking known breaches. But they have limitations:
- They are reactive: they tell you about breaches after they happen
- Coverage varies: not every breach is indexed, especially recent or unreported ones
- They do not remove your data: knowing your data is exposed does not get it removed from data broker sites or dark web marketplaces
This is where continuous monitoring changes the equation. Sirveil's dark web monitoring feature uses DeHashed data and AI-powered scanning to continuously check whether your personal information is circulating in leaked databases and on data broker sites. When exposures are found, Sirveil submits removal requests automatically.
The free tools covered in this guide are the right first step. But given the scale of the 2025 breach landscape — and the reality that supply chain breaches alone doubled to 1,251 last year — ongoing monitoring is no longer optional for anyone serious about protecting their personal data.
Sirveil starts at $7.99/month, or $79.99/year on the annual plan, and covers dark web monitoring, data broker scanning, removal requests, and FOIA filing — everything the free tools do not.
The Sirveil Team builds privacy tools that put individuals back in control of their personal data. Sirveil's AI-powered platform scans data broker sites and the dark web for your exposed information, automates removal requests, and provides continuous monitoring — because knowing about a breach should be the beginning of your response, not the end. Learn more at sirveil.ai.