What to do if your Social Security number is on the dark web

The dark web is a hidden, unregulated part of the internet, which makes it a hotbed for hackers selling stolen personal information, including Social Security numbers (SSNs).

If your Social Security number is on the dark web, you need to take immediate steps to protect against identity theft and financial fraud. This guide will help you determine if your SSN is at risk and explain how you can limit your vulnerability.

How to find out if your SSN is on the dark web

Key signs your SSN is on the dark web include alerts from dark web scanners or data breach detection tools, suspicious activity involving your Social Security number, and unfamiliar accounts or debts on your credit reports.

Here’s a deeper look at some ways to find out if your SSN may be exposed on the dark web:

• Use a dark web scanner: A dark web monitoring tool, or dark web scanner, crawls websites and databases across the dark web searching for your SSN. If it finds your information, it’ll send you an automatic alert so you can take action to help protect yourself.
• Sign up for data breach alerts: Data breach detection tools monitor for new data breaches and send alerts if your information is compromised. This empowers you to quickly take key steps to protect yourself in the aftermath of the breach, like freezing your credit and updating passwords for key accounts.
• Check your Social Security statements: Monitoring your my Social Security account or paper statements for suspicious activity can help you discover if your SSN has been compromised and potentially sold to an identity thief on the dark web. SSN monitoring tools can also automatically alert you to potential Social Security fraud, such as your SSN being used in credit applications.
• Monitor your credit reports: Checking your credit report regularly will help you spot signs of fraud, like new accounts you didn’t open. You can also invest in a credit monitoring service to get automatic alerts whenever key changes are made to your credit file so you can act quickly to fight fraud.

Can you remove your Social Security number from the dark web?

It’s almost impossible to remove your SSN, or any other personal information, from the dark web. Dark web websites have little to no legal accountability since they’re often owned and moderated anonymously, and data may be spread across multiple sites, making it hard to track down.

However, discovering that your SSN is on the dark web means you can take steps to protect against identity theft. And, in rare cases where you’re unable to protect yourself and are experiencing significant issues resulting from SSN exposure, you may qualify for a new Social Security number.

What to do if your Social Security number is on the dark web

If you find out your SSN was leaked on the dark web, consider freezing your credit or placing a fraud alert immediately to help prevent new accounts from being opened in your name. You should also lock your SSN to restrict identity thieves from using it and create an IP PIN to prevent criminals from filing fraudulent tax returns.

You can also report the theft to the Social Security Administration (SSA) and the Federal Trade Commission (FTC). These organizations can provide guidance on what to do next, and your report may contribute to future investigations of fraudulent activity.

1. Freeze your credit

A credit freeze restricts access to your credit report, making it much harder for identity thieves to open new accounts in your name. If your Social Security number is found on the dark web, this step can help keep criminals from taking out credit cards, loans, and other financial products in your name.

To freeze your credit, you’ll need to submit a request with each of the three major credit bureaus individually. You can do this online, by phone, or by mail, using the details below:

Note that placing a freeze will also impact your ability to apply for credit. If you want to make a new application, you may need to temporarily unfreeze your credit to allow creditors to access your credit report and review your eligibility.

If you need access to your credit but still want some protection, consider setting up a fraud alert. This is a free notice you can place on your credit report that lets creditors know you’re at a higher risk for identity theft and requires that they verify your identity before approving new credit applications.

2. Lock your SSN

Social Security’s Self Lock feature keeps thieves from using your SSN for work authorization, which can help you avoid problems resulting from employment identity theft.

You can lock your SSN through myE-Verify, a U.S. Citizenship and Immigration Services website. Just log in, answer three security questions, and activate Self Lock.

However, remember to unlock your SSN if you’re applying for a job with an employer that uses E-Verify. If you don’t, it could cause a delay in the hiring process.

3. Get an IP PIN

An IP PIN, or Identity Protection Personal Identification Number, is a six-digit number the IRS assigns to help them verify your identity when you file a tax return. You should create one as soon as you discover that your SSN is on the dark web. Otherwise, an identity thief could file a fraudulent tax return using your SSN and claim a refund before you do.

You can request an IP PIN by creating an IRS account, verifying your identity, and following the on-screen instructions. After completing the verification and confirming that the IRS’ information is accurate, click Enroll in IP PIN.

4. File a report with the SSA

Submitting a fraud report to the SSA will provide them with valuable information they can use to investigate Social Security fraud, such as suspicious benefits claims or work authorization requests. This report also acts as a formal record of the breach, which can be useful to refer to later if you need to fight the consequences of identity theft.

To file a report, you can call the Office of the Inspector General’s fraud hotline at 800-269-0271 or submit a fraud report online. Be prepared to provide any evidence you have of the theft, such as a dark web alert, a copy of your credit report, or screenshots of suspicious activity on your accounts.

5. File a fraud report with the FTC

If your identity is stolen because your SSN was exposed on the dark web, file an identity theft report with the FTC. You’ll receive helpful guidance covering the next steps to take and create a permanent record of the incident, which can be helpful when communicating with credit bureaus or banks as you try to resolve issues.

The FTC may also use your report to help establish identity theft trends, which can contribute towards future legal action or the creation of new resources that can help other potential victims.

What can happen if your SSN leaks to the dark web?

Even if the person who stole your SSN and listed it on the dark web hasn’t already used it to steal your identity, anyone who buys or discovers it can. Someone with your SSN may access other sensitive information or commit various forms of fraud that affect your finances, Social Security, healthcare, or legal situation.

If your SSN is listed on the dark web, you may be vulnerable to:

• Financial fraud: An identity thief with your SSN may be able to open accounts, apply for credit, or make fraudulent purchases in your name. They could even get access to your existing financial accounts and steal your money directly.
• Fraudulent tax returns: Fraudsters can impersonate you with your stolen SSN and file a false tax return, claiming any refunds you’re eligible for before you can.
• Medical fraud: Scammers with your SSN may be able to commit medical identity theft. They could obtain medical services and prescriptions in your name or file false insurance claims using your details.
• Legal issues: Identity thieves with access to your SSN may use your information in criminal identity theft, impersonating you if they’re caught committing crimes. Even though you’re innocent, you can still get caught up in legal issues that take time and effort to resolve.

Beyond the financial and privacy implications, SSN exposure can also cause emotional distress and consume significant time and resources to resolve.

Ways your SSN could get on the dark web

Data breaches and phishing attacks are two of the most likely ways for criminals to get hold of your Social Security number to sell or list on the dark web. However, your SSN can also be compromised by malware lurking on your computer, fake forms on unsafe websites, through mail theft, or if you lose your wallet and it falls into the wrong hands.

Here’s a more detailed look at some of the ways your SSN could be stolen by scammers, fraudsters, or cybercriminals and later end up on the dark web:

• Data breaches: Hackers that get unauthorized access to a company’s databases can steal information, including Social Security numbers, to use in identity theft or sell on the dark web.
• Phishing: Phishing attacks, where cybercriminals trick you into sharing personal information in an email or via a malicious link to a site that steals your data, can target Social Security numbers. This is also called smishing when the scheme is carried out over text rather than email.
• Stolen wallet: If you carry your physical Social Security card in your wallet, losing it can put you at risk of your SSN ending up on the dark web or being used directly in identity theft.
• Mail theft: Mail thieves aim to intercept confidential mail that includes your SSN or other sensitive data they can sell to cybercriminals on the dark web. Discarding these documents without shredding them can also give dumpster-diving thieves access to your SSN.
• Malware: Various types of malware, including keyloggers and data-stealing trojans, can capture your SSN as you enter it online and transmit the data to cybercriminals, who can then list it for sale on the dark web.
• Insider threats: Insider threats, such as disgruntled or untrained employees at healthcare, welfare, or financial institutions, can expose your SSN without your knowledge or permission.

Tips to keep your SSN off the dark web

As identity thieves become more advanced, you need to combine personal information protection, document handling, and cybersecurity best practices to protect your SSN.

This includes storing your Social Security card securely, using strong passwords to protect sensitive online accounts, enabling two-factor authentication, using cybersecurity tools, being on the lookout for phishing scams, and correctly disposing of documents containing your SSN.

Here are some steps you can take to keep your Social Security number away from hackers and the dark web:

1. Store your Social Security card in a secure location like a fireproof safe or locked drawer to protect it from being stolen or damaged.
2. Boost your online security by creating stronger passwords for key accounts, like those for your bank, credit card issuer, healthcare providers, and the SSA. Also consider using two-factor authentication to add an extra layer of account protection.
3. Use cybersecurity tools like reputable antivirus software to protect against malware, a virtual private network (VPN) to keep your internet connection secure, and a password manager to make remembering strong passwords easier.
4. Be wary of suspicious communications, including those claiming to be from the SSA and other organizations, to help safeguard against potential phishing attacks or social engineering schemes designed to steal your SSN.
5. Shred sensitive paper documents when you no longer need them to protect your SSN from dumpster divers.

Find out if your personal information is on the dark web

The dark web might seem like a mysterious place, but it’s relatively simple to safeguard against the risks of your sensitive information leaking there. Follow the tips above to help protect your SSN from being stolen and listed on the dark web. Then join LifeLock Standard for dark web monitoring that alerts you if your information is compromised.

As a LifeLock member, you’ll also benefit from a range of additional features that can help keep your identity safer, including notifications of data breaches involving your information and alerts if your Social Security number is used in potentially fraudulent credit applications.