
How to Check If Company Data Has Been Leaked Online — and What to Do Next

If you think your company’s data may have been leaked — or worse, published — online, it’s natural to feel concerned.


Whether it’s credentials, customer records, internal documents or financial data, the sooner you act, the better your chances of minimising the damage.

This guide walks you through how to check for leaked data, where to look, and what steps to take if you discover exposure.


 


Step 1: Understand the Signs of a Data Leak


You may suspect a data leak if:

  • You’ve seen suspicious login attempts or credential resets

  • Customers report phishing emails or fraud attempts using your branding

  • Sensitive information appears in search results, social media, or forums

  • You’ve been alerted by a security vendor, third party, or regulator

  • You’ve received a ransom note or extortion email referencing stolen data


Even if there’s no obvious sign, it’s worth checking proactively if you’ve recently had a breach, phishing incident, or suspicious activity on your network.


 


Step 2: Check for Leaked Credentials and Business Email Accounts


Start by checking whether employee logins or passwords have been exposed in known breaches.

🔍 Tools you can use:

  • Have I Been Pwned — for checking email addresses

  • Intelligence feeds or paid threat monitoring platforms (e.g. SpyCloud, Constella, Recorded Future)

  • Internal audit tools (Active Directory password auditing, password reuse detection)


✅ Focus on:

  • Company email domains (e.g. @yourcompany.com)

  • Privileged accounts or service logins

  • Reused passwords across multiple services


If credentials have been leaked, reset them immediately — and enable MFA everywhere possible.
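As an added example (not part of the original guide, and not any vendor's code), this triage pass over a breach-monitoring export applies the three focus points above: it keeps only company-domain accounts, flags privileged or service logins, and detects a password seen in more than one breach. The CSV columns, the `admin`/`svc-`/`root` naming convention and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

COMPANY_DOMAIN = "yourcompany.com"               # placeholder domain used in this guide
PRIVILEGED_PREFIXES = ("admin", "svc-", "root")  # assumed account naming convention

# Constructed sample export: email, breach source, placeholder password hash.
SAMPLE_EXPORT = """email,source,password_hash
alice@yourcompany.com,breach-a,hash-0001
alice@yourcompany.com,breach-b,hash-0001
svc-backup@yourcompany.com,breach-a,hash-0002
bob@example.org,breach-a,hash-0002
Carol@YourCompany.com,breach-c,hash-0003
"""

def triage(export_text, domain=COMPANY_DOMAIN):
    """Return company accounts found in the export, most urgent reset first."""
    # email -> password hash -> set of breach sources where that hash appeared
    seen = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(export_text)):
        email = row["email"].strip().lower()
        # Exact domain match, so yourcompany.com.evil.net is not counted.
        if email.rpartition("@")[2] != domain:
            continue
        seen[email][row["password_hash"].strip().lower()].add(row["source"])

    findings = []
    for email, hashes in seen.items():
        sources = set().union(*hashes.values())
        findings.append({
            "email": email,
            "privileged": email.split("@")[0].startswith(PRIVILEGED_PREFIXES),
            # Same hash in more than one breach means the password was reused.
            # Only works when the feed supplies comparable (unsalted) hashes.
            "reused": any(len(s) > 1 for s in hashes.values()),
            "sources": sorted(sources),
        })
    # Privileged accounts first, then reused passwords, then widest exposure.
    findings.sort(key=lambda f: (not f["privileged"], not f["reused"],
                                 -len(f["sources"]), f["email"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding)
```

The ordered output doubles as the reset queue: work from the top, and enrol each account in MFA as its password is changed.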



 


Step 3: Look for Exposed Data on Paste Sites, Forums, and Marketplaces


Data leaks don’t always show up on public websites.

Attackers often post samples on underground forums or paste sites to prove what they’ve stolen.

What to search for:

  • Your company name + terms like “data leak,” “dump,” or “download”

  • Internal project names or document titles

  • Email addresses or common file naming conventions

  • Mentions on Telegram channels or dark web marketplaces (using a threat intel provider)


Note: Do not attempt to download leaked files from suspicious sites. This can expose you to legal and security risks. Always work with a specialist to investigate further.


 


Step 4: Use Dark Web Monitoring Tools


To go deeper, consider a dark web monitoring solution — either standalone or as part of a managed detection and response service.

These tools monitor for:

  • Stolen credentials

  • Exposed customer or payment data

  • Internal documents

  • References to your company in threat actor chatter


STORM Guidance can monitor for threats specific to your business, assess risk, and advise on response.


 


Step 5: Contain and Respond If You Find a Leak


If you confirm a data leak:

  • Identify what type of data was exposed (e.g. credentials, client records, financial info)

  • Determine the likely source (e.g. phishing, compromised system, third-party breach)

  • Revoke access, reset passwords, and patch vulnerabilities

  • Notify regulators (e.g. the ICO in the UK) if personal data is involved

  • Communicate clearly with affected clients, employees, or partners

  • Document everything for compliance, legal, and insurance purposes

If extortion is involved or ransomware is suspected, STORM Guidance can handle threat actor communication and incident response on your behalf.

 


STORM Guidance Can Help You Detect and Manage Data Leaks


✔ Dark web and surface web monitoring for leaked data

✔ Credential exposure checks and investigation

✔ Threat actor engagement and response if data is used for extortion

✔ Regulatory and legal support

✔ Full incident response and remediation



 


Worried About a Data Leak? Don’t Wait to Act


Even if you’re not sure, it’s worth checking.

Many data leaks go unnoticed until they’re exploited — but early detection gives your business the upper hand.

STORM Guidance helps businesses identify, investigate, and respond to data exposure quickly and with confidence.


