Freeze Your Credit After Data Exposure: The Privacy Cleanup Order That Works
A current-day checklist for freezing credit, adding fraud alerts, checking identity-theft reports, and cleaning up the broker trail after your data is exposed.
A credit freeze is one of the few identity-protection moves that actually changes the economics for an attacker. If someone has your Social Security number, date of birth, or enough profile data to impersonate you, a freeze can stop many new-credit applications from moving forward because lenders cannot freely pull your credit report.
It is not a full privacy cleanup. It does not remove your address from people-search sites. It does not stop phishing. It does not tell you which broker sold your phone number. But after data exposure, it is the right first wall to put up before you start the slower work of shrinking your public identity trail.
One-sentence answer: Freeze your credit at the major bureaus first, add the right fraud alert if identity theft is suspected, then clean up the broker records that make impersonation easier.
Credit freeze, fraud alert, credit lock: the simple version
The terms sound interchangeable. They are not.
| Tool | What it does | When to use it |
|---|---|---|
| Credit freeze | Restricts access to your credit file, making it harder to open new accounts in your name | Use after data exposure, suspected identity theft, or as a default defensive setting |
| Fraud alert | Tells creditors to take extra steps to verify your identity before opening new credit | Use when you suspect identity theft or want bureaus to flag applications |
| Credit lock | A bureau product that can look like a freeze but is governed by the product terms | Use only if you understand the terms and do not confuse it with your legal freeze rights |
The FTC's guidance is blunt: a credit freeze restricts access to your credit report, while a fraud alert requires creditors to verify your identity before opening new credit. The CFPB similarly explains that a security freeze makes it harder for identity thieves to open accounts because creditors usually need access to the report first.
Step 1: Freeze the major credit reports
Do this directly with each nationwide credit bureau. A freeze at one bureau does not automatically freeze the others.
- Equifax
- Experian
- TransUnion
Use each bureau's official site or phone path. Save the confirmation, recovery PIN if provided, and the date. Put those details in your password manager. You will need them when you temporarily lift a freeze for a mortgage, apartment application, car loan, credit card, or utility setup.
Freezing credit does not stop your existing cards, loans, or bank accounts from working. It is mainly about new-credit checks.
Step 2: Add a fraud alert when identity theft is plausible
If the exposure included identity fields such as Social Security number, date of birth, address history, or driver's license data, a fraud alert can add another verification step. Unlike freezes, a fraud alert placed with one of the three major bureaus should be passed to the other two.
Use an initial fraud alert when you suspect risk. If you are an identity-theft victim and have an FTC Identity Theft Report, IdentityTheft.gov points people toward extended recovery steps, including reports that can support an extended fraud alert.
The practical order:
- Freeze all three credit reports.
- Place a fraud alert if the exposure involved identity fields or suspicious activity.
- Create an IdentityTheft.gov report if actual identity theft happened, not just general exposure.
Do not create a false identity-theft report just to get paperwork. If you only received a breach notice and have no fraudulent account, say that.
Step 3: Pull your reports and look for new-account noise
Once the freeze is set, check your credit reports for accounts you do not recognize, hard inquiries you did not initiate, address changes, phone numbers, employers, or names that do not belong to you.
You are not only looking for a fully opened fraudulent account. Early warning signs matter:
- A hard inquiry from a lender you never contacted.
- A new address attached to your profile.
- A collection account you do not recognize.
- A phone number or employer that is not yours.
- A credit-card account with a small balance that looks like a test.
If you find real fraud, preserve screenshots or PDFs, file the relevant disputes, and use IdentityTheft.gov to build the recovery plan and letters.
Step 4: Freeze the adjacent files when the exposure is serious
The big three bureaus are not the only identity files that matter. Depending on what was exposed, you may also need to look at specialty reporting systems.
- ChexSystems: relevant for checking-account fraud.
- NCTUE: relevant for telecom, utility, and pay-TV account fraud.
- LexisNexis consumer files: relevant when identity data is being matched across public records and risk products.
Not every breach needs every specialty freeze. If only a password leaked, start with password rotation and MFA. If SSN, date of birth, address, or driver's license data leaked, the specialty-file layer deserves attention.
Step 5: Remove the broker trail that helps attackers pass checks
Credit freezes create friction at the lender gate. Broker cleanup reduces the profile data attackers use before they get there.
After data exposure, search for:
- Your phone number in quotes.
- Your current address in quotes.
- Your full name plus city.
- Your full name plus age.
- Your full name plus relatives' names.
If people-search sites expose the same details named in the breach notice, prioritize those opt-outs first. Start with high-visibility people-search and broker sites, then expand from there using our 50-site opt-out list.
This is the bridge between the credit-protection task and the privacy task. Freezes help prevent new accounts. Broker removal makes it harder for someone to assemble a convincing identity packet in the first place.
What to do today
Use this order for the current-day cleanup:
- Freeze Equifax, Experian, and TransUnion.
- Save every confirmation in your password manager.
- Add a fraud alert if identity theft is suspected.
- Pull your reports and scan for unfamiliar inquiries or accounts.
- Use IdentityTheft.gov if actual identity theft has occurred.
- Search the exposed phone, email, address, and name-city pair.
- File broker opt-outs for records that connect those fields.
The freeze is the quick wall. The broker cleanup is the longer cleanup that makes the next scam harder to aim.
Leak Check Me sits in that second lane: finding public identity links, preparing eligible scrub actions, and helping you patrol for relistings after the first pass is done.