Privacy guide

What is a data breach, and what should you do?

Data breaches explained for Indian users: what a breach means, how to tell if you are affected, and the practical steps to protect yourself.

The simple answer

A data breach is when personal data a company holds is exposed, leaked or accessed without authorisation. It can include emails, phone numbers, passwords, payment details or identity information.

You often cannot prevent a company breach, but you can limit the damage. The key steps are changing reused passwords, watching for scams that use your leaked details, and asking the company what happened.

What to check

1
Change passwords, especially reused ones.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Turn on two-factor authentication.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Watch for scams that quote your real details.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Ask the company what data was exposed.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

5
Keep proof of any breach notice.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

A breach turns stored data into exposed data.

State of Privacy looks at how much data companies collect and keep because the more they hold, the more is exposed when something goes wrong.

What to do next

1
Update passwords and enable two-factor authentication.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Stay alert to targeted scam calls and messages.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask the company what was exposed and what it is doing.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

What is a data breach?

It is when personal data a company holds is exposed, leaked or accessed without authorisation.

How do I know if I am affected?

Watch for breach notices, unusual logins and scams that quote your real details, and ask the company directly.

What should I do first?

Change reused passwords, enable two-factor authentication and stay alert to scams using your data.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience