Incident Protocol
v1.0
// DGP-OB-001 · ORDER SUPPLEMENT

DATA
BREACH
RESPONSE
PLAYBOOK

Your data was exposed. The next 24 hours determine how much damage gets done. This is your step-by-step containment protocol.

24
Hour Window
5
Response Phases
38
Specific Actions
4
Notification Templates
⚠ TIME-SENSITIVE — Identity thieves act within hours of a breach. Begin Phase 1 immediately upon discovery.
// How to use this playbook

Work top to bottom, phase by phase. Click each task to check it off as you complete it — your progress is tracked at the bottom of each phase. Do not skip ahead. Phase 1 must be completed before Phase 2. The checklist resets if you close your browser, so complete each phase in one session or leave this tab open.

Overall Progress 0 of 38 actions complete
Start with Phase 1 below ↓
HOUR 0–1
IMMEDIATE LOCKDOWN
// PRIORITY: CRITICAL
HOUR 1–6
ASSESS THE SCOPE
// PRIORITY: HIGH
HOUR 6–24
CONTAINMENT
// PRIORITY: HIGH
Bureau Freeze URL Phone
Equifax equifax.com/credit-freeze 1-800-685-1111
Experian experian.com/freeze 1-888-397-3742
TransUnion transunion.com/credit-freeze 1-888-909-8872
ChexSystems chexsystems.com/freeze 1-800-428-9623

Use these when contacting banks, employers, or contacts who may be targeted as a result of your breach.

// Bank / Financial Institution Notice
To: [Bank Fraud Department] Subject: Fraud Alert — Compromised Credentials, Account [LAST 4 DIGITS] I am reporting that my personal credentials were exposed in a data breach at [COMPANY NAME] on approximately [DATE]. The following data types were confirmed exposed: • [Email / Password / Payment Info / etc.] I am requesting: 1. A fraud flag placed on my account immediately 2. Enhanced monitoring for the next 90 days 3. Notification of any new account activity by email or SMS 4. A replacement card issued (if applicable) I have not yet identified unauthorized transactions, but am reporting proactively. Please confirm this alert has been placed. Account holder: [Full Name] Account ending: [XXXX] Date: [Today's Date]
// Warning to Known Contacts (if email breached)
Subject: Security Notice — Please Be Aware Hi [Name], I wanted to let you know that my email account was recently compromised in a data breach. If you receive any emails from [your email address] asking for money, passwords, gift cards, or personal information — please do not respond and delete immediately. It may not be me. I have secured my account and this address is now safe to use again. But please stay alert for the next few weeks. Thank you, [Your Name]
DAY 2–7
RECOVERY
// PRIORITY: MEDIUM
// Machine Unlearning Request Template
Subject: Formal Data Deletion + AI Training Opt-Out Request To Whom It May Concern, Under [CCPA / GDPR / applicable state law], I am formally requesting: 1. Deletion of all personal data you hold associated with my identity 2. Opt-out of sale or sharing of my data for AI/ML training purposes 3. Removal of my data from any AI model training pipelines, past or future 4. Written confirmation of compliance within 45 days My identifying information: Name: [Full Name] Email(s): [All emails associated with your account] State of Residence: [Your State] This data was recently exposed in a third-party breach and may have been sold to data brokers or AI training pipelines without my consent. Failure to comply constitutes a violation of applicable consumer privacy law. — [Your Name] Date: [Today's Date]
// Formal Breach Inquiry to Company
To: [security@company.com / privacy@company.com] Subject: Formal Data Breach Inquiry — Account [USERNAME/EMAIL] I am writing regarding the reported data breach at [COMPANY NAME]. As an affected account holder, I am formally requesting: 1. Confirmation that my account was included in the breach 2. The exact categories of personal data that were accessed or exfiltrated 3. The date the breach occurred and the date you became aware of it 4. The specific steps being taken to prevent recurrence 5. Any identity protection services you are providing to affected users Please respond in writing within 14 days. I am retaining this correspondence as part of an ongoing personal records review. Name: [Full Name] Account Email: [Your Email] Date of Request: [Today's Date]
ONGOING
PREVENTION REBOOT
// PRIORITY: LONG-TERM
// Password Infrastructure

Switch to a Password Manager

Bitwarden (free, open-source) generates and stores unique passwords for every account. One master password — every account different.

// Authentication

Authenticator App for All Accounts

Replace SMS 2FA with an authenticator app. Aegis (Android, free) or Google Authenticator. Immune to SIM-swap attacks.

// Email Hygiene

Use Email Aliases for Signups

SimpleLogin.io (free tier) creates throwaway aliases that forward to your real address. Compromised alias? Disable it instantly.

// Monitoring

Monthly Credit Check

Rotate through Equifax, Experian, and TransUnion monthly using annualcreditreport.com — that's one free full report every 4 months.

// 30-Day Post-Breach Monitoring Checklist
WEEK 1: □ Confirm all passwords changed and 2FA enabled □ Monitor bank/credit accounts daily for new charges □ Review email inbox for unauthorized password resets □ Confirm credit freeze is active at all 4 bureaus WEEK 2: □ Check credit report for new account inquiries □ Search your name on Google for new public exposure □ Check pastebin.com for your email address □ Follow up with breached company if no response WEEK 3: □ Review all active sessions on major platforms □ Confirm Google Alerts are sending notifications □ Check HIBP for any new breach appearances WEEK 4: □ Pull second credit report from a different bureau □ Review and revoke any suspicious 3rd-party app access □ Document the full incident with timeline for records □ Decide if freeze should remain or be lifted

// PLAYBOOK COMPLETE
You Ran the Protocol.

The breach is contained. Now make sure your broader digital footprint is clean — addresses, phone numbers, family data, and old accounts still need to come down.

The Digital Ghost Protocol covers everything else.
// STEP TWO

Erase Your Existing Footprint

This Playbook handled the breach. The Digital Ghost Protocol removes everything that was already public — data brokers, people-finder sites, old social profiles.

GET THE GHOST PROTOCOL →
$17–$27 · one-time
// STEP THREE

Build a Privacy-First Tech Stack

Once your footprint is gone, the Ghost Stack Setup Guide locks down your browser, email, passwords, and devices so new exposure stops accumulating entirely.

GET THE GHOST STACK →
$27–$47 · one-time