Nexstar Media Wire News ‘Your data has been breached’: But is the message itself hiding a scam? by Jeremy Tanner - 03/15/26 9:00 AM ET by Jeremy Tanner - 03/15/26 9:00 AM ET Share ✕ LinkedIn LinkedIn Email Email NOW PLAYING (NEXSTAR) – Cyber experts are warning that the message no one wants to receive – “Your data has been breached” – could actually be the first phase of a popular scam. It often works like this: an email or text pops up warning that personal data has been breached, often with a sense of urgency, adding that immediate action is necessary to keep from getting locked out of one’s account. “These scams have been around for years, but they’ve become much more common over time as data breaches themselves have increased,” Ian Bednowitz, general manager for LifeLock, told Nexstar. Red flags to watch out for Those messages may come with a suspicious link or attachment and request personal or financial information. “We see this pattern again and again,” Michael Bruemmer, head of global data-breach resolution at  Experian , told the Wall Street Journal . “The scammer waits for a real breach to make headlines, then rides the wave of public concern to trick people.” Experts warn that, as with many scam attempts, a bogus data breach warning may arrive with misspellings and unusual URLs. “When in doubt, treat any unexpected breach message the same way you would treat an unexpected payment request,” Bednowitz said. “Pause, verify it independently, and don’t interact with the message itself.  How to verify a breach alert without clicking on the message While scammers try to capitalize on highly-publicized data breaches, some warnings are legitimate. Instead of clicking a link in the email or text, however, experts recommend going directly to the company’s official website or app and typing the address into one’s browser manually to verify it. “Think of it like getting a suspicious phone call from your bank,” Bednowitz said. “It’s a similar process in that you should never respond through the message you received. Contact the company through a channel you trust. That small pause can make a big difference in avoiding falling victim to a scam.” When to change passwords versus freezing credit? If the data breach is legitimate, what to do next depends on the nature of the incident. If the breach includes login credentials like usernames, passwords or email access, it’s important to change one’s password immediately, according to experts. If the breach involves personal data like Social Security numbers, birthdates or financial account data, freezing one’s credit can prevent identity theft and stop scammers from opening up new credit accounts under a victim’s name. Bednowitz says it’s also crucial to take a step back before acting after receiving a concerning message. “It’s important for people to remember: awareness and verification are your best defense,” Bednowitz said. “The more we normalize taking a moment to confirm messages before acting, the harder it becomes for scammers to succeed.” Add as preferred source on Google Tags Copyright 2026 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Share ✕ LinkedIn LinkedIn Email Email More Nexstar Media Wire News News See All Nexstar Media Wire News How soon will clocks ‘fall back?’ This year, as early as possible by Addy Bink 59 minutes ago Nexstar Media Wire News  /  59 minutes ago