By Mike Heintzman, Director of Threat Intelligence, Bedrock Safeguard Inc.
Published: April 5, 2026
Over 11 billion individual credentials have been exposed in documented data breaches worldwide. That number grows every day. If you have used the internet for any length of time, there is a significant chance your email address — and possibly your password — has appeared in at least one breach.
The good news: checking is free, fast, and the first step toward protecting yourself. Here is how to do it.
Step 1: Check Your Email Against Known Breaches
The fastest way to check is with our free Breach Scanner. Enter your email address and within seconds you will see a list of breaches where your credentials were exposed, including what data was leaked (passwords, names, phone numbers, financial information).
We check against aggregated breach databases that include data from major incidents as well as smaller, less-publicized breaches. The results show you exactly which services were compromised and when.
Step 2: Understand What Was Exposed
Not all breaches are created equal. The severity depends on what data was leaked:
- Email + password: The most dangerous combination. If you reuse this password anywhere, every account using it is at risk.
- Email + name + phone: Used for targeted phishing and social engineering attacks. Criminals can craft convincing messages using your real information.
- Financial data: Credit card numbers, bank account details, or billing addresses. Monitor your accounts immediately.
- Personal identifiers: Social Insurance Numbers, dates of birth, or addresses. These enable identity theft and can take years to fully remediate.
Step 3: Take Immediate Action
If your email appears in any breach, take these steps right away:
- Change the password on the affected service immediately. Use a strong, unique password (at least 16 characters, mixing letters, numbers, and symbols).
- Change it everywhere else you used the same password. This is the most critical step. Password reuse is how a single breach becomes a cascade of compromised accounts.
- Enable two-factor authentication (2FA) on every account that supports it. Even if your password is stolen, 2FA adds a second layer that attackers must bypass. Use an authenticator app rather than SMS where possible.
- Monitor your financial accounts for unauthorized transactions. If financial data was exposed, consider placing a fraud alert with Equifax Canada or TransUnion Canada.
- Watch for phishing. After a breach, you may receive convincing-looking emails using your leaked personal information. Be suspicious of unexpected emails asking you to click links or verify account details.
Step 4: Prevent Future Exposure
You cannot control whether a service you use gets breached. But you can limit the damage:
- Use a password manager. Tools like Bitwarden, 1Password, or KeePass generate and store unique passwords for every account. You only need to remember one master password.
- Never reuse passwords. Every account should have a unique password. A password manager makes this practical.
- Enable 2FA everywhere. Prioritize email accounts, banking, and any service that stores sensitive data.
- Use email aliases. Some email providers let you create aliases or plus-addressing (you+service@email.com) so you can track which services share or leak your data.
- Check regularly. Breaches are discovered months or years after they happen. Check your email every few months using our Breach Scanner.
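The plus-addressing item above, as an added example (not Bedrock Safeguard's code): it reads recipient and sender headers and reports which aliases received mail from a domain unrelated to the service the tag names. The sample messages are constructed, and the rule that the tag equals one label of the service's mail domain is an assumption of this sketch.

```python
from email.utils import parseaddr

# Constructed sample: (To header, From header) pairs as exported from a mailbox.
SAMPLE_MESSAGES = [
    ("you+shopmart@email.com", "ShopMart <orders@shopmart.example>"),
    ("you+shopmart@email.com", "Deals <promo@bulk-offers.example>"),
    ("You+Bank@email.com", "alerts@mail.bank.example"),
    ("you@email.com", "friend@another.example"),
    ("you+forum@email.com", "noreply@forum.example"),
    ("you+forum@email.com", "win@prizes.example"),
    ("you+forum@email.com", "x@prizes.example"),
]

def alias_tag(recipient):
    """Return the lowercase +tag of a plus-addressed recipient, or None."""
    addr = parseaddr(recipient)[1]
    local = addr.rpartition("@")[0]
    _base, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None

def sender_domain(sender):
    """Return the lowercase domain of the From address."""
    return parseaddr(sender)[1].rpartition("@")[2].lower()

def tag_matches_sender(tag, domain):
    # Assumption: you named the tag after the service, and that name
    # appears as one DNS label of the service's sending domain.
    return tag in domain.split(".")

def leaked_aliases(messages):
    """Map each alias tag to the unrelated sender domains that used it."""
    leaks = {}
    for to_hdr, from_hdr in messages:
        tag = alias_tag(to_hdr)
        if tag is None:
            continue  # plain address: nothing to attribute
        domain = sender_domain(from_hdr)
        if not tag_matches_sender(tag, domain):
            leaks.setdefault(tag, set()).add(domain)
    return {tag: sorted(domains) for tag, domains in leaks.items()}

if __name__ == "__main__":
    for tag, domains in leaked_aliases(SAMPLE_MESSAGES).items():
        print(f"alias +{tag} was used by: {', '.join(domains)}")
```

A hit shows that the address given to that service reached a third party, whether through sharing or a breach. A clean result proves little, because anyone holding the address can strip the `+tag` before sending.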
For businesses: if employee credentials appear in breach databases, those credentials are likely being sold on criminal marketplaces right now. Run your company domain through our breach scanner or contact us for a full exposure assessment.
Why This Matters for Canadian Businesses
Under PIPEDA, Canadian businesses are required to report breaches that create a real risk of significant harm. But you cannot report what you do not know about. Regularly checking whether your organization's credentials have been exposed is a baseline security practice.
Employee credential theft is one of the most common initial access vectors for ransomware attacks. If an employee's corporate email and password were leaked in a third-party breach and they reused that password for their work VPN, an attacker has a direct path into your network. Checking for exposed credentials is not optional — it is essential.