# Taking Action on Breaches ### Immediate Steps When your credentials appear in a breach: 1. **Change Passwords Immediately**\ Change the password on the compromised service AND any other service where you've used the same password. 2. **Enable 2FA**\ If not already enabled, add two-factor authentication to the compromised account. 3. **Review Account Activity**\ Check for unauthorized logins, changes, or suspicious activity. 4. **Rotate Related Credentials**\ If the breach included API keys or tokens, rotate them immediately. 5. **Monitor for Fraud**\ If financial information was exposed, watch credit reports and bank accounts. ### Organization-Wide Response **For Administrators**: * Review all accounts the affected user has access to * Check audit logs for suspicious activity * Force password reset if necessary * Update security policies based on breach patterns * Communicate with affected team members **For Compliance**: * Document the breach detection and response * Assess whether regulatory notification is required * Update risk registers * Include in security awareness training ### Dismissing False Positives Occasionally, breach alerts may be: * Old breaches you've already addressed * Test accounts or disposable addresses * Unverified or duplicate reports Sentry allows you to: * Mark alerts as "Resolved" when actions are completed * "Dismiss" false positives with a note * View alert history to prevent duplicate investigations --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sentry.auditware.io/monitoring/breach-detection/taking-action-on-breaches.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.