C3 Credit 2 Millz
Fix · Build · Fund
← Onboarding
🛡 Step 3 · Data Breach Check

Were You In a Breach? Lock Down Your File.

A data breach exposes your information — but a breach by itself is not a basis to delete accounts. The right move is protection: place a 1-year fraud alert (FCRA § 1681c-1) and a free security freeze, then monitor. Check the tools below and screenshot any hit. If you find accounts you did NOT open, that's identity theft — file an FTC Identity Theft Report and use the § 605B identity-theft path (4-business-day block).

1 · Check Your Email Across Known Breaches

Use the tool below to see if your email or phone number has been exposed in a recorded breach. A positive result becomes evidence for your § 605B dispute.

🔄This takes ~10 seconds. Check, SCREENSHOT the result, then upload it below as supporting evidence.
Supporting evidence only — saved on your device, never uploaded to our servers. It travels into your § 605B package alongside your FTC Identity Theft Report below (the FTC report is what legally triggers the 4-business-day block).
Optional — only if this is your situation

2 · Found Accounts You Did NOT Open? File an Identity-Theft Report

Only if you found accounts or items you did not open (genuine identity theft) — file your report at IdentityTheft.gov. That FTC report is what invokes the § 605B 4-business-day block in the identity-theft path. A data breach alone does not qualify; if you only have exposure (no fraudulent accounts), stay on the protection steps above (fraud alert + freeze). Filing a false identity-theft report is a federal crime.

📎Step 2 — upload your report here. Download your FTC Identity Theft Report as a PDF (or photograph it) and upload it below. It is stored only on your device and travels automatically into your § 605B letters in the dispute builder — it is never uploaded to our servers.
Optional — only if this is your situation
⚡ When § 605B applies — and when it doesn't FCRA § 605B (15 U.S.C. § 1681c-2) requires a bureau to block an item within 4 business days — but ONLY for information that resulted from identity theft (accounts you did not open), supported by an FTC Identity Theft Report and your truthful attestation that the items are not yours and you received no goods, services, or money from them. A data breach by itself is not a § 605B basis — for mere exposure, protect your file (fraud alert + security freeze) above. If you have genuine identity-theft accounts, upload your FTC report and use the § 605B identity-theft path in the dispute builder.