SSN leaks: protection tips and major incidents

Your Social Security number (SSN) is valuable to criminals because it’s directly tied to your identity. If your SSN is leaked, identity thieves can use it to file fraudulent tax returns, open credit card and bank accounts, or otherwise impersonate you long after the leak event itself.

In this article, we’ll explain how several recent, high-profile Social Security number leaks occurred, what happened in each case, and how you can help protect yourself if your SSN is exposed.

What is a Social Security number leak?

A Social Security number leak is when your SSN is exposed to unauthorized individuals. Because an SSN is a permanent identifier that can only be changed under exceptional circumstances, a single leak or breach incident can increase your risk of identity theft for years down the road.

Once leaked, SSNs may appear on the dark web, where personal data can be traded by cybercriminals. From there, they might be picked up by fraudsters who attempt to use them to open bank accounts, take out loans, file false tax returns, and more, all in the victims’ names.

Given the potentially drastic consequences of SSN-based identity theft, major data breaches that include Social Security numbers are often headline news — at least in the cybersecurity world.

How do Social Security number leaks happen?

Social Security number leaks often occur through data breaches at organizations that store sensitive personally identifiable information (PII). Cybercriminals may gain access by exploiting weak security practices or targeting employees with phishing attacks. In other cases, SSNs are exposed due to human error, such as misconfigured servers or unsecured databases.

Data handling by third-party vendors and data brokers can also increase exposure risk. When your personal data is shared across multiple systems by companies that don’t follow the same security standards, it becomes more vulnerable to the risk of leaks.

Risks associated with SSN breaches

Stolen SSNs may be used to commit Social Security fraud or welfare fraud, open new credit cards or bank accounts, file fraudulent tax returns, or apply for loans in the victim’s name. The thief reaps the benefits and you’re left to sort out the mess. For example, if someone files taxes using your SSN, it could delay your refund, harm your credit, and derail your financial plans.

In some cases, SSNs are combined with other leaked data, such as medical records, employment history, or login credentials. This can lead to more complex forms of fraud, including medical identity theft, government benefits fraud, or fraudulent background checks, making recovery more difficult and time-consuming. Unfortunately, the identity theft recovery process may take years.

Major Social Security number leaks

The following examples show how SSNs have been compromised across industries, sometimes affecting millions of individuals at once.

1. National Public Data breach

In 2024, National Public Data (NPD), a data broker, disclosed a large-scale Social Security number breach involving personal information tied to millions of individuals. The exposed data reportedly included names, dates of birth, and addresses, alongside Social Security numbers, creating a significant risk of identity theft for those affected.

The breach, which occurred in late 2023, was later compounded by additional security failures. KrebsonSecurity reported that another data broker with access to NPD’s records had accidentally published database passwords on its homepage, highlighting systemic vulnerabilities in the data broker ecosystem.

Because National Public Data collects information from many sources, some victims may not have realized their data was stored by the company until after the breach was announced.

This breach highlights the importance of taking steps to remove your information from data broker sites.

2. DOGE incident

In 2025, a whistleblower complaint alleged that personnel associated with the Department of Government Efficiency (DOGE) uploaded sensitive personal information of millions of Americans to an unsecured part of the Social Security Administration’s server.

According to ABC News, the data includes information that is collected when people apply for a Social Security card — like names, dates of birth, and SSNs — raising concerns about a potential security incident. Investigations about this alleged risk are ongoing.

3. AT&T breach

In 2024, AT&T announced two different data breaches. In March, a dataset that contained personal information, including Social Security numbers associated with customer records, was uploaded to the dark web. The company stated that the exposure wasn’t caused by compromise of its systems.

In July of 2024, AT&T announced that records of calls and text from 2022 were downloaded from the third-party platform Snowflake. In this incident, no Social Security numbers were leaked, but the cybersecurity experts told the Associated Press that the data could be used to trace users. Lawsuits were filed over both incidents and were consolidated and settled together.

If you suspect your personal information was exposed following a data breach, use a data breach checker to scan the dark web.

4. Change Healthcare incident

Change Healthcare, a subsidiary of United Healthcare, experienced a ransomware attack in 2024 that led to the exposure of sensitive personal and medical information, including Social Security numbers. According to HIPAA Journal, attackers accessed systems and exfiltrated data. They then encrypted key files and demanded a ransom payment.

The company reportedly paid a $22 million ransom to the BlackCat/ALPHV ransomware group. However, the stolen data was later leaked by RansomHub, a separate ransomware group that obtained the data after BlackCat failed to pay the affiliate who conducted the attack.

Social Security number breaches involving healthcare organizations are particularly damaging, as SSNs may be combined with medical details to commit medical identity theft.

5. DISA Global Solutions breach

In 2024, DISA Global Solutions, a company that provides background screening and employment services, reported a data breach that exposed personal information belonging to job applicants. According to Halock Security Labs, the compromised data included Social Security numbers, financial account information, and employment-related records.

The incident resulted in a class action lawsuit against the company. While DISA stated there was no evidence the SSN leak had been misused at the time of disclosure, remember that consequences of identity theft can occur months or years after an SSN breach.

6. LexisNexis breach

LexisNexis, a major data brokerage company, disclosed a data exposure event related to a third-party software integration. Although the breach happened in December 2024, it wasn’t detected until April 2025. According to The Verge, sensitive consumer information, including Social Security numbers, was accessed through a publicly exposed GitHub account connected to a development environment.

SSN leaks involving data brokerage platforms demonstrate how personal information may be stored, shared, and exposed without consumers being fully aware of where their data resides.

7. PowerSchool breach

PowerSchool, an education technology provider used by schools nationwide, disclosed a December 2024 data breach affecting students, parents, and educators. According to Spectrum Local News, attackers accessed the platform using compromised credentials rather than exploiting a software vulnerability.

The exposed data reportedly included Social Security numbers and other sensitive personal information. Credential-based SSN leaks highlight the importance of strong authentication and data privacy practices, as leaked login information can be used to steal data.

8. Connex Credit Union incident

Connex Credit Union reported a cyber incident in which hackers gained unauthorized access to its systems and accessed customer data, including Social Security numbers. According to SecurityWeek, no customer funds were taken, but personal information was exposed.

Hacks tied to financial institutions can put your finances at risk as well as your personal information.

What to do if your Social Security number is leaked

If your SSN was leaked, act quickly. Freeze your credit, brush up on how to report identity theft, and invest in identity theft protection to reduce the chance of identity theft:

1. Consider placing a credit freeze or fraud alert with the major credit bureaus to help prevent new accounts being opened in your name.
2. Review your credit reports regularly for unfamiliar accounts, inquiries, or changes. A credit monitoring service can help you spot changes as they appear.
3. Contact the IRS if you believe your Social Security number may be used for tax-related fraud, and learn the red flags of IRS tax scams.
4. Stay informed by monitoring for updates from the organization responsible for the data breach, as additional guidance or remediation steps may become available.
5. If your identity was stolen, report it to the Federal Trade Commission (FTC). You may also consider filing a report with your local police department and the FBI’s Internet Crime Complaint Center (IC3).
6. Invest in services that provide identity and Social Security alerts, like LifeLock. You’ll be notified if your SSN or other PII is detected in applications for new lines of credit so you can act quickly.

How to protect your Social Security number from data leaks

Steps you can take to help protect your SSN include securing your online accounts with 2FA, watching out for phishing attacks, and limiting who you share your personal information with.

While there’s nothing you can do to prevent data breaches at large organizations, if one occurs and your SSN is exposed, freezing your credit and monitoring for signs of identity theft can help protect you from some of the consequences of SSN leaks.

• Sign up for 2FA: Two-factor authentication (2FA) adds an extra layer of security to your online accounts, helping prevent account takeover attacks that could result in stolen personal data.
• Learn to recognize phishing: Learn to spot scam emails, texts, or calls. Be wary of requests for your personal information, especially your SSN. These are likely phishing attacks.
• Reduce your digital footprint: Limit the amount of personal information you share online and remove your details from data broker sites. Identity theft protection services can help with this.
• Keep your software updated: Software updates fix security flaws that hackers use to steal personal data. Turn on automatic updates to stay protected.
• Create a my Social Security account: On my Social Security, you can review your Social Security statements regularly for suspicious activity.
• Don’t carry your Social Security card: Store your SSN in a secure location at home, don’t carry it with you in your wallet.
• Freeze or lock your credit: In the event of a data breach that includes your SSN, freezing or locking your credit can help stop criminals from opening new financial accounts in your name.
• Monitor for signs of identity theft: On your credit report, look out for unfamiliar accounts, charges, or inquiries. Checking your bank statements and credit reports regularly can help catch fraud early.
• Sign up for identity theft protection: Identity theft protection can help you monitor your personal information, alert you to threats, and help you recover if your identity is stolen.

Help protect your identity after an SSN leak

If your Social Security number leaks, your broader identity could be in danger. In combination with other personal information, identity thieves could use your SSN to apply for credit cards, file for government benefits, or take out loans — ruining your credit score in the process. And it often takes victims years to recover.

LifeLock can help you monitor for early signs of identity theft so you can take preventive action before things get out of hand. You’ll also get alerts if your SSN is found on the dark web, updates about major data breaches, and reimbursement coverage if your identity is stolen.

And, if it comes to it, LifeLock’s dedicated U.S.-based restoration specialists are always on hand to provide expert guidance and support to help you recover quickly.

FAQs

What’s the difference between data breaches and leaks?

The key difference is in the intent: a data breach is intentional and usually malicious; it refers to the unauthorized access of data via malware or hacking. A data leak, on the other hand, typically results from an accident, like human error or a misconfigured system. In either event, sensitive information like Social Security numbers can end up exposed.

Have hackers ever accessed the Social Security Administration?

The Social Security Administration’s database has never been hacked. At least, there’s no public evidence that it ever has. However, there are plenty of other ways that hackers can access Social Security numbers, particularly through other organizations that store or collect them.

How do data leaks occur?

Data leaks can occur in a number of ways, including compromised credentials, phishing attacks, misconfigured servers, or unsecured third-party software integrations. Poor security practices and human error also play a frequent role in the accidental exposure of sensitive data.

Will my identity be stolen if my SSN is leaked?

Nothing is for certain, but if your Social Security number is leaked, it definitely increases the chances. Criminals may not act for months or years after they obtain your Social Security number, making constant monitoring and protective actions an ongoing concern.