'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you receive a “data export is ready” email for an account you did not request
Short answer
Assume it’s either phishing or a sign someone accessed your account. Don’t click the email links—go directly to the service, confirm whether an export exists, then secure the account (end sessions, change password, turn on 2FA).
Do not do these things
- Don’t click “download export” links or open attachments from the email.
- Don’t call “support” numbers or use “verify your account” links provided in the message.
- Don’t reuse an old password or a slight variation (that can fail if your old password was leaked).
- Don’t delay “because I didn’t see a login alert” — exports are sometimes the first obvious sign.
What to do now
-
Stop using the email as your navigation.
Open a new tab or the official app and sign in by typing the address yourself or using a trusted bookmark. -
Check inside the account whether an export is actually pending/ready.
Look for “Privacy,” “Security,” “Download your data,” or “Data export.”- If you don’t see an export or related activity in the account, treat the email as phishing (skip to steps 7–8).
- If you do see an export you didn’t request, proceed as if the account is compromised.
-
If you can’t sign in, use the provider’s official account-recovery process.
Go to the service’s help center/recovery pages (not via the email). Once you regain access, continue with the steps below. -
End other sessions, then reset credentials and add 2FA.
In the service’s security settings (order may vary by service):- Sign out of all devices / revoke all sessions.
- Change your password to a new unique one.
- Enable 2FA (authenticator app or security key if offered; avoid relying only on SMS if you have stronger options).
-
Remove persistence: check recovery info, forwarding, and connected apps.
Attackers often add ways back in. Check for:- Unrecognized recovery email/phone or secondary addresses (remove them).
- Email forwarding / filters / rules (especially if this is your email account).
- Connected apps / “authorized applications” / API tokens you don’t recognize (revoke).
- Unrecognized devices on the account (remove/revoke).
-
Cancel/revoke the export if possible, and capture proof.
If there’s “Cancel export,” “Delete download,” or similar, use it.
Take screenshots of the export page and “recent sign-in/activity” details (device, time, location) for support. -
Report the message using safe channels.
Mark it as phishing in your email provider/app (use the built-in “Report phishing” feature). If your organization has an internal reporting button/address, use that. -
If you suspect identity theft, start an official record (USA).
If you see signs like new accounts you didn’t open, tax/benefits misuse, or financial alerts you can’t explain, follow the guided reporting and recovery steps on the U.S. government identity theft site. -
If it’s a work/school account, contact your IT/security team immediately.
Use your organization’s normal helpdesk/security channel (not the email). Ask them to review sign-ins, revoke sessions, and confirm whether a data export was initiated.
What can wait
- You don’t have to decide right now whether to delete the account or change every device setting.
- You can postpone deep cleanup (reviewing every connected app, refreshing passwords on low-priority accounts) until after you’ve secured access and enabled 2FA.
- If you’re back in control, you can later watch for follow-up alerts and review the account’s data/download settings more carefully.
Important reassurance
“Data export ready” emails are designed to trigger urgency—either by scammers or because exports really can be sensitive. You’re not behind if you move slowly and methodically: don’t click, verify from the official site/app, then lock the account down.
Scope note
This is first-step guidance to reduce immediate harm and stop further access. If you confirm an export was created, you may later need more detailed help from the platform, your employer/school, or identity theft support, but you don’t need to solve everything at once.
Important note
This is general information, not legal or professional advice. Different services handle exports and security controls differently; use the closest matching settings in your account. If you can’t confirm what happened, prioritize not clicking the email, securing the account through official channels, and reporting the message.