What are the next immediate steps?
If your information is found on the dark web, here are recommended steps you can take:
Lock the account of users whose credentials have been affected and force them to change their password on the next sign-on.
After changing passwords in all affected accounts, and as an added precaution, change the security questions on these accounts as well.
Consider adding 2-factor authentication or MFA to affected accounts to help prevent account takeover attacks.
Enroll affected users in phishing training and simulations.