In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
Should You Be Worried If Your SSN Is on the Dark Web?
Earlier this year, thousands of Oakland residents filed injury claims with the city. When doing so, little did they know that their Social Security numbers (SSNs), driver’s license numbers, home addresses, and other sensitive information would be leaked on the Dark Web [*].
This story is a grim reminder of what can happen when private data falls into the wrong hands. And unfortunately, the recent incident in Oakland is not an isolated event.
There were 1,862 publicly reported data breaches in 2022, the highest number ever for a single year [*]. What’s even more alarming?
Many cybersecurity experts believe that every SSN has been leaked to the Dark Web at least once [*].
So, what happens if your SSN falls into the wrong hands and ends up on the Dark Web?
In this guide, we’ll show you how to find out if your SSN is on the Dark Web, what to do if it is, and how to protect your sensitive personal information from scammers and cyberattacks.
How To Know If Your SSN Has Been Leaked on the Dark Web
The Dark Web is a hidden part of the internet that’s only accessible through special browsers, such as the TOR browser.
Unlike the Surface Web, which contains websites you can easily access and find through search engines like Google (such as Amazon, Netflix, etc.), the Dark Web is encrypted, anonymous, and hidden from most average users.
When your personal information is leaked in a data breach (or stolen through hacking, malware scams, or phishing attacks), it most likely turns up on Dark Web marketplaces.
Because most people don’t use the Dark Web, it's hard to know for sure whether your SSN has been compromised — or if someone is using your identity.
Here are some ways you can check to see if your SSN was leaked to the Dark Web:
- Check recent data breaches using a free Dark Web scanner. Free scanners won’t check for your SSN, but they can tell you if your email was found in a recent data breach. From there, all it takes is a quick Google search to find out what sensitive information might have been lost in that breach. You can use Identity Guard’s free Dark Web scanner to see if you’re at risk.
- Sign up for SSN monitoring. An SSN monitoring service scans the Dark Web, public forums, and data brokers for your SSN and alerts you if your personal information is found.
- Look out for data breach notifications. Pay attention to data breach notifications from companies to which you've submitted personal information, even if it’s just your email or phone number. Companies are required to notify customers of breaches.
- Monitor your mySocialSecurity account. Keep an eye on your account for unusual changes or activities — similar to checking your email for spam and phishing messages.
- Regularly review your credit reports. If scammers have your SSN, they could use it to open new accounts or take out loans in your name. Regularly review your credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion). Until the end of 2023, you can get a free credit report each week from all three bureaus at AnnualCreditReport.com.
- Pay attention to IRS notifications or tax-related issues. If someone is using your SSN for employment or tax fraud, you may receive notices about unreported income (or other discrepancies) through the IRS notification system.
Can You Remove Your SSN From the Dark Web?
If your SSN is found on the Dark Web, it's nearly impossible to remove. Instead, you should try to figure out what additional information has been compromised — such as your credit card numbers, home address, or phone number — so you can mitigate the damage.
In some cases, law enforcement may step in, such as when the FBI took down the illicit SSNDOB Dark Web marketplace — which was selling stolen SSNs (and more) from roughly 24 million Americans [*].
While it can be scary to know that your personal information is circulating on the Dark Web, your best defense is to stay informed, be proactive, and take the appropriate steps to safeguard your digital identity against potential scammers.
Was Your SSN Found on the Dark Web? Here’s What To Do
- Freeze or lock your credit with all three bureaus
- Contact companies where your SSN was used
- Perform a full Dark Web scan
- Update your passwords, and enable 2FA
- Sign up for myE-Verify, and “self-lock” your SSN
- File a report with the FTC
- Check your credit reports and bank statements
- Lock your SIM with your cell phone provider
- Sign up for identity theft protection, Dark Web monitoring
If you think or know your SSN was leaked to the Dark Web, you can take steps to minimize the damage and protect yourself from identity theft and fraud.
Here’s what to do:
1. Freeze or lock your credit with all three bureaus
Cybercriminals can use your SSN to open new accounts and take out loans in your name.
To avoid this, it’s a good idea to freeze or lock your credit. This step restricts access to your credit file, stopping lenders from extending credit to scammers who may be using your identity. Credit freezes are free and won’t impact your credit score. However, credit locks, which allow you to instantly lock and unlock your credit file, are usually paid services.
How to freeze your credit with all three bureaus:
You’ll need to request a credit freeze from each of the three major credit bureaus individually — Experian, Equifax, and TransUnion. They will each ask for personal data and provide a secret PIN to freeze or "thaw" your file when needed.
Here’s the contact information for each bureau:
2. Contact companies where your SSN was used
If a scammer has already used your SSN to open new accounts, contact the companies immediately. For example, if someone has used your SSN to take out a mortgage, notify the lender or financial institution as soon as possible to let them know that the application was fraudulent.
You may also need to contact government agencies — such as the Internal Revenue Service (IRS) or Department of Motor Vehicles (DMV) — if scammers have used your SSN to file a fraudulent tax return or obtain a driver’s license in your name.
How to report fraudulent use of your SSN:
- Make a list of every place (including stores, agencies, etc.) where you know your SSN was used. Gather evidence, such as account statements, credit reports, or notifications of new accounts.
- Reach out to the company or agency’s fraud department. Explain that you’ve been the victim of identity theft and ask what they need from you. They may request an FTC identity theft affidavit or police report to close any fraudulent accounts.
- Keep a running list of impacted companies. As you uncover the full damage of the leak, you may discover more places where your SSN was fraudulently used.
💡 Related: What To Do If a Scammer Has Your Social Security Number →
3. Perform a full Dark Web scan
If your SSN has been found on the Dark Web, there’s a good chance that other sensitive information might be out there as well.
While free Dark Web scans only show leaked passwords and email addresses, a Dark Web monitoring service can warn you if your other sensitive information has been leaked — including your SSN.
How to scan the Dark Web for your information:
- Sign up for a Dark Web monitoring service. For example, Identity Guard monitors your most sensitive information — including your SSN, passport number, and other critical data — on the Dark Web, in public records, and more.
- Know what to do if you get a Dark Web alert. These notifications will tell you that your information has been compromised — but it’s up to you to act on them. For example, if a password has been leaked, update it immediately and enable two-factor authentication (2FA) on that account. If your bank account number was compromised, it’s a good idea to close the account and open a new one.
💡 Pro tip: Keep constant tabs on your personal and financial accounts. Identity Guard can alert you in near real-time if someone has gained access to your information and is trying to steal your money or identity. Save 33% when you sign up for Identity Guard today.
4. Update your passwords, and enable two-factor authentication (2FA)
Passwords are among the most commonly leaked pieces of sensitive personal information. You can use Identity Guard’s free Dark Web scanner to see which accounts are at risk. Then, for added security, enable 2FA on every account that allows it — especially your online bank, email, and social media accounts.
2FA is like having an extra lock on your digital door, requiring both your password and a unique code or verification method to keep your accounts safe.
Steps to enhance account security:
- Use strong and unique passwords. Choose passwords that are hard to guess. A combination of upper and lowercase letters, numbers, and special characters is ideal. Don’t reuse passwords (or variations of them), as this gives scammers easy access to multiple accounts if your credentials get leaked.
- Enable 2FA on your accounts (ideally with an authenticator app). Most people opt to have 2FA codes sent to their phone, but scammers can intercept these if they take over your SIM card. Instead, use an authenticator app like Authy or Google Authenticator to receive codes.
- Store your passwords in a secure password manager. Identity Guard’s password manager keeps all of your passwords in a safe place that you can easily access when you need them. This enables you to use unique passwords for every account but not need to worry about remembering them. Identity Guard can even warn you if your passwords have been compromised and should be updated.
5. Sign up for myE-Verify, and “self-lock” your SSN
The Social Security Administration’s (SSA) myE-Verify website shows a record of jobs you’ve had (this is where your employer checked your SSN before hiring you). It also allows you to “lock” your SSN to stop scammers from using your SSN to illegally obtain employment in your name.
How to self-lock your SSN:
- Head to the SSA website. You’ll be asked to create an account with the U.S. Citizenship and Immigration Services (USCIS). If you already have an account, you can log in by using your username and password.
- Once registered, activate the "self-lock" feature. If an employer enters your locked SSN in E-Verify to confirm employment authorization, it will result in an E-Verify Tentative Nonconfirmation (mismatch).
💡 Related: How To Find Out If Your Information Is On the Dark Web →
6. File a report with the FTC
If you find out that your SSN has been leaked to the Dark Web, it’s important to report it.
Inform the Federal Trade Commission (FTC) that your SSN has been found on the Dark Web and ask to file an identity theft report. Even if your information hasn’t been used maliciously yet, filing a formal claim with the FTC can help you if you need to dispute fraudulent charges, accounts, or crimes.
- Use IdentityTheft.gov to report your compromised SSN and get a customized fraud recovery plan from the FTC.
- If you know the person who has used your SSN fraudulently, you should file a police report for identity theft.
Keep all records and reports in a safe space, as you may need them while you recover from fraud.
7. Check your credit reports and bank statements
If fraudsters are using your stolen SSN, it will most likely show up on your credit reports and bank or credit card statements. If your SSN has been leaked, you’ll want to keep a close eye on your financial accounts.
How to monitor your finances and bank accounts:
- Review your bank statements as soon as you get them. Don’t ignore statements. If you receive them in the mail, go over them carefully as soon as they arrive — or at least weekly from your online account or mobile banking app.
- Set a transaction limit on your accounts. Most banks will allow you to set withdrawal limits or transaction ceilings that will trigger a fraud alert. Many credit card companies also employ their own fraud detection services. But be careful of any fraud alert sent via text or email, as this is a common phishing scam tactic used by fraudsters.
- Sign up for a credit monitoring service. These services monitor your credit files with the bureaus to warn you if someone is trying to take out loans or open accounts in your name. It’s always a good idea to choose three-bureau credit monitoring so that you don’t miss the early warning signs of fraud.
Pro tip: Identity Guard monitors your credit file at all three bureaus and can warn you in near real-time about changes and potentially fraudulent activity. Save 33% when you sign up for Identity Guard today.
8. Lock your SIM with your cell phone provider
One of the lesser known ways that scammers target you is by convincing your phone provider to send them a new SIM for your account. Known as a “SIM swap,” this scam gives fraudsters full access to your phone number — which means all calls and texts go to them, including 2FA codes and password reset links.
To lock your SIM, you’ll need to contact your cell phone provider and ask them to set a custom PIN to lock and unlock your SIM.
💡 Related: How To Know If Someone Is Using Your SSN →
9. Consider signing up for identity theft protection
If your SSN has been compromised, it’s only a matter of time before your identity is stolen. Rather than wait to deal with the consequences, identity theft protection services can help keep your accounts safe, warn you early if you’ve become a victim, and help you recover your identity through dedicated support teams and identity theft insurance coverage.
With Identity Guard, you get:
- Award-winning identity monitoring and notifications. Identity Guard monitors your most sensitive information — including your SSN — on the Dark Web, in public records, and more. If anything is found, you’ll receive an alert along with guidance on what to do.
- Three-bureau credit monitoring with fraud alerts in near real-time. Identity Guard monitors your credit files and financial accounts (bank, credit card, investment, etc.) and warns you of suspicious activity or changes.
- Support from U.S.-based Fraud Resolution Specialists. If you need help, Identity Guard’s dedicated team is available to answer your questions or even facilitate three-way calls between you and your bank or government agencies.
- Digital security tools to keep your online accounts safe. Every Identity Guard account comes with a secure password manager as well as Safe Browsing tools to warn you of fake websites.
- Up to $1 million in identity theft insurance. If the worst should happen, every adult on an Identity Guard plan is covered for up to $1 million in eligible losses, such as stolen funds, lost wages, lawyer fees, and more.
What Can Scammers Do With Your Social Security Number?
- Target you with sophisticated phishing attacks. While your SSN is a valuable piece of data, hackers are often after other information — especially your account logins [*]. If your SSN is stolen, scammers may use it to trick you into sending them money or giving up other information via phishing attacks.
- Take out credit cards or loans in your name. Scammers might attempt to take out new credit cards or loans in your name by using your SSN. Once they successfully open a credit account, they can spend frivolously, leaving you with significant amounts of debt.
- Get a fraudulent driver’s license. Do you keep your Social Security card in your wallet? If your purse or bag gets stolen, cybercriminals have enough information to get a fraudulent license with your credentials.
- Open a new bank account in your name (or gain access to your account). To open a new bank account, you just need an SSN, address, and birthday. If scammers find this information on the Dark Web or on social media, they can open new bank accounts in your name — or gain access to your existing accounts.
- Steal your benefits and Social Security checks. If you receive Social Security or Medicare benefits, a scammer could intercept your checks or apply for benefits using your SSN.
- Obtain illegal employment in your name. When your SSN and other personal information is leaked on the Dark Web, cybercriminals may use those details to steal your identity. They could go as far as getting a job in your name.
- Commit tax fraud. Scammers can use your SSN to file fraudulent tax returns and commit other tax crimes. If you’re owed a tax refund, it’s also possible that hackers could get access to the money you’re owed.
💡 Related: How To Check If Someone Opened an Account In Your Name →
Can You Change Your SSN If It Was Leaked?
If your SSN has been found on the Dark Web, you might assume that the safest bet is to get a new number. But is this an option? It depends.
The Social Security Administration (SSA) is often reluctant to change someone’s SSN because this can lead to issues with the person’s credit report, earnings history, and even complicate applications for passports, loans, and IDs.
There are only five scenarios in which you can ask for a new SSN:
- When you're dealing with non-stop financial and identity fraud because of identity theft
- If you're facing personal threats like harassment, stalking, or domestic violence
- When you have religious or cultural objections to the numbers
- If someone else already has your SSN
- When you have issues with sequential numbers assigned to your family
If you believe one of the above scenarios is applicable to you, follow these steps on how to change your Social Security number.
How To Keep Your Sensitive Information Off the Dark Web
Ultimately, the best thing you can do to protect yourself from identity theft is keep your sensitive information private, secure, and off the Dark Web.
Here are a few ways you can secure your identity from scammers and hackers:
- Create unique passwords and enable two-factor authentication (2FA). Make sure you're using different passwords for each account and enable 2FA whenever it's available. This adds an extra layer of security that makes it much harder for hackers to gain access to your accounts — even if they have your password.
- Use a password manager. A password manager stores all of your passwords in one secure place and gives you access to them when you need them. This makes it much easier for you to use complex passwords (as you don’t have to worry about remembering them all). Every Identity Guard membership comes with access to a robust password manager.
- Be cautious with sensitive information. Be selective about which websites and companies you trust with your data. Only provide your SSN, email address, and other sensitive information when absolutely necessary.
- Use antivirus and VPN protection. Safeguard your devices with reliable antivirus software and a virtual private network (VPN). A VPN hides your IP address and encrypts your data — making it more difficult for hackers to target you.
- Update software regularly. Software updates often include security patches that help protect your devices from new threats. Always keep your operating system, apps, and web browsers up to date.
- Be wary of phishing attempts. Always be cautious with emails, texts, and messages from unknown sources. Scammers often use manipulative tactics to trick you into revealing sensitive information or clicking on malicious links.
- Limit your digital footprint. Be mindful of what you share online. The more personal information that you post on social media, the easier it is for scammers to piece together your identity.
- Educate yourself. Stay informed about the latest cybersecurity threats and best practices. Knowledge is power — the more you know, the better you'll be at protecting yourself and your family.
The unfortunate truth is that everyone is at risk of identity theft.
For added security and peace of mind, sign up for Identity Guard today. Identity Guard monitors your most sensitive data — from your SSN to your bank account — and alerts you to any suspicious activity. If the worst should happen, you’ll be covered by Identity Guard’s White Glove Fraud Resolution support and up to $1 million in identity theft insurance.