Found your SSN on the dark web? Here are your next steps

Are you concerned your Social Security number (SSN) may be on the dark web? It’s a valid concern. Your SSN is considered one of the most sensitive pieces of information because of the damage criminals can do if they manage to steal it. This can range from identity theft to serious legal troubles.

While removing your information from the dark web is all but impossible (we’ll cover why below), there are steps you can take to prevent criminals from exploiting your SSN.

Mariam Volobueva

In short:

1. Freeze your SSN.
2. Set transaction limits on your bank accounts and credit cards.
3. Freeze or lock your credit.
4. Set up fraud alerts.
5. File reports with the FTC and law enforcement. 
6. Contact lenders and let them know your SSN was stolen. 
7. Sign up for myE-Verify and self-lock your SSN.
8. Secure your online accounts with strong passwords and 2FA.
9. Lock your SIM to prevent fraudsters from intercepting 2FA codes and password reset links. 
10. Sign up for identity theft protection services. 

If you aren’t sure whether your SSN has been exposed, we’ll cover how to find that out too.

What to do if your SSN was found on the dark web

If you’ve confirmed that your SSN is indeed on the dark web (or likely to be) it’s essential to act quickly to mitigate the damage. 

Here’s what you should do:

1) Freeze your SSN

You can block electronic access to your SSN. This will prevent anyone, yourself included, from accessing or making any changes to your Social Security record. 

To freeze your SSN, call the Social Security Administration’s national, toll-free number at 1-800-772-1213 or the TTY number at 1-800-325-0778.

2) Set transaction limits on your bank accounts and credit cards

It’s important to check all your bank and credit card statements carefully for any unusual expenses. If you see any purchases you don’t remember making, it could mean someone has used your SSN to steal your identity. 

You can set a transaction limit on your accounts. If these limits are exceeded, you should receive fraud alerts. However, be wary of any alerts sent via email or SMS as these could be part of a phishing scam. 

Related: Identity Theft Statistics

3) Freeze or lock your credit

To prevent cybercriminals from taking out loans in your name and setting up new accounts with your SSN, you can put a freeze or lock on your credit with the three major credit bureaus (Experian, Equifax, and TransUnion). 

A credit freeze is free and will restrict access to your credit file and prevent lenders from extending any more credit. This won’t affect your credit score in any way. 

Credit locks usually require payment but offer more flexibility as you can instantly lock and unlock your credit file as needed. 

4) Set up fraud alerts

Whether you freeze or lock your credit, it’s also a good idea to place fraud alerts on your credit reports with the major credit bureaus. This will add another layer of security as creditors will have to take extra steps to verify it’s really you before extending any credit.

5) File reports with the FTC and law enforcement 

Next, you’ll want to file an identity theft report with the Federal Trade Commission (FTC). Not only will this allow them to start an investigation into the perpetrators, but it’ll also help you prove you’re the victim of identity theft when you need it—for example when disputing charges with lenders or pursuing legal action. 

To file an identity theft report with the FTC, visit IdentityTheft.gov. You can also use the same resource to get a customized fraud recovery plan. 

You should also file a report with law enforcement. You can reach out to your local police department on a non-emergency number or contact the FBI’s Internet Crime Complaint Center.

Once you file the reports, keep them safe for when you may need them in the future. 

6) Contact lenders

If you’ve found that your SSN has been used to set up new accounts, you’ll have to track down and contact each company in question to notify them of the fraud. This includes businesses (stores, banks, insurance companies, etc.) as well as government agencies such as the Internal Revenue Service (IRS) or Department of Motor Vehicles (DMV).  

1. Make a complete list of entities where your SSN was used to open fraudulent accounts. 
2. Compile evidence, including credit reports, bank statements, and alerts. You may also be asked to provide an FTC identity theft affidavit or a copy of a police report. 
3. Contact the fraud department of each entity to notify them of the crime. 

7) Sign up for myE-Verify and “self-lock” your SSN

If you sign up for the Social Security Administration’s myE-Verify website, you can track all the jobs you’ve had in the past (where you used your SSN). This is also where potential employers can verify your identity. 

To prevent fraudsters from using your SSN to gain employment, you can self-lock your SSN. You can do this by going to the SSA website and either creating a new account or logging in to an existing account with the US Citizenship and Immigration Services (USCIS).

Note: If a potential employer checks your E-Verify while your SSN is locked, they will see “Tentative Nonconfirmation.” 

8) Strengthen your online accounts

If your SSN is compromised, chances are your passwords have been too. You’ll want to secure all of your online accounts by setting new, unique passwords for each one. The longer the password (at least 8 characters), the better. It should also include upper and lower case letters, numbers, and special symbols. 

While you’re at it, we recommend you use a reliable password manager like NordPass to securely store all your new passwords. Never write them down on paper or in unsecured files. 

You should also add an extra layer of protection to your accounts by enabling 2FA wherever possible.

9) Lock your SIM

Setting up 2FA won’t do you any good if cybercriminals have access to your phone number. With your SSN, they can contact your service provider to receive a new SIM. This type of attack is known as a “SIM swap” and allows fraudsters to intercept your phone calls and texts—including 2FA codes and password reset links.

Contact your service provider and set up a custom PIN that allows you to lock and unlock your SIM so no one else can gain access to your phone number. 

10) Sign up for identity theft protection

Even if you haven’t noticed any signs of identity theft, if your SSN has been exposed, it’s pretty much a matter of time. You can sign up for an identity theft protection service to get ahead of identity thieves. These kinds of services can alert you to suspicious activity, keep your accounts safe, help you deal with identity theft attempts, and offer identity theft insurance.  

Can you remove your SSN from the dark web?

It’s nearly impossible to remove your SSN from the dark web. Cybercriminals use marketplaces there because they’re unregulated. Even when they are shut down, such as when the FBI took down the SSNDOB Dark Web marketplace, criminals can simply re-upload the information to another site. 

Your best bet is to figure out what other personal information may have been compromised and take steps to mitigate the potential consequences. While this may sound like a doomed cause, you can protect yourself from identity theft even if fraudsters have your SSN, as long as you act quickly and follow all the necessary steps. 

Should you change your SSN if it was leaked?

You can change your SSN but the SSA only allows this under specific circumstances. Changing your SSN can cause problems with your credit report and make applying for legal documents such as passports more difficult. Instead, in most cases, it’s best to take steps to mitigate the consequences of a stolen SSN. 

If you still prefer to change your SSN, here are the five circumstances in which the SSA will allow it:

1. You’re dealing with incessant financial loss and fraud due to identity theft; 
2. You’re a victim of online harassment, stalking, or domestic violence; 
3. Your SSN comes in conflict with your culture or religious beliefs; 
4. If someone else is already using your SSN; 
5. There are issues with sequential numbers assigned to your family.

How to check if your SSN is on the dark web

If you aren’t sure if your SSN is on the dark web, you’ll want to check first. Unfortunately, searching the dark web for your SSN without the needed technical know-how and specialized tools, such as a secure operating system, Tor browser, and VPN, can be extremely risky. We don’t recommend you try it due to the dangers and potential legal implications involved. 

Instead, here are some things you can do to safely determine whether your SSN is indeed on the dark web, without diving in yourself:

• Sign up for an SSN monitoring service that scans the dark web, data brokers, and public sources for your SSN. These services send you alerts when they find your SSN anywhere it shouldn’t be. 
• Use a dark web monitoring service that sends you alerts when your SSN or other personal information shows up on dark web forums or marketplaces. Make sure to do your research first and choose a safe and reputable service. 
• Monitor your account with the Social Security Administration (SSA) for unusual activity such as changes in your personal information or earnings in your Social Security Statement.
• Regularly check your credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion) for unusual activity such as unexpected changes to your credit score.
• Keep an eye on recent data breaches. Companies may send you notifications if your data has been compromised in a data breach they’ve experienced. Even if you haven’t received a notification, keep an eye out for data breaches experienced by entities that may hold your SSN or other sensitive information. 
• Keep an eye out for IRS notifications regarding tax-related issues such as unreported income or changes to your account. 

While dark web or SSN monitoring services give you a definitive answer as to whether your SSN is on the dark web, the other methods we described are less straightforward. Any unusual activity such as that we described above is a strong indication that your SSN has likely been exposed and is circulating on the dark web. 

If you spot any such activity, we recommend you operate under the assumption that it has been. 

What can scammers do with your Social Security number?

Cybercriminals can do a lot of damage with your SSN, including:

• Stealing your identity. Identity theft is the biggest concern when it comes to a stolen SSN. Cybercriminals can impersonate you using your SSN and commit all types of fraud in your name. 
• Targeting you with scam and phishing attacks. Cybercriminals can use your SSN to obtain more of your personal information with sophisticated phishing scams. They can even trick you into sending them money by impersonating government entities or services you use. 
• Creating false IDs. Criminals can use your SSN to gain access to more information and create false IDs, driver’s licenses, passports, and other documents.
• Taking out credit or loans. Fraudsters can obtain credit cards or open credit accounts in your name, spending huge sums and leaving you with the responsibility to pay them off or risk ruining your credit.
• Opening new bank accounts. Criminals can open new bank accounts or access your existing ones with as little information as your name, address, date of birth, and SSN. Not only can they drain your existing account, but they can also use your name to move dirty money, potentially leading to legal trouble. 
• Commiting crimes. Criminals can use your identity to commit crimes and avoid prosecution, leaving you to deal with the consequences of their illegal activities. 
• Commiting tax fraud. Identity thieves can file fraudulent tax returns using your SSN, potentially gaining access to any tax refunds you’re owed or saddling you with tax liabilities they’ve incurred.  
• Stealing your Social Security checks and other benefits. Fraudsters can claim your Social Security and medical benefits or apply for new ones in your name.
• Gaining illegal employment. Using your SSN, criminals can obtain employment in your name. 
• Stalking and harassing you. Criminals can use your SSN and other information they may obtain to stalk, doxx, extort, or harass you in other ways. 

How to keep your SSN and other information off the dark web

Whether your SSN has already been stolen or not, you should take some preventative measures to protect your personal information in the future. 

Here’s what you should do:

• Limit sharing your SSN and other sensitive information. 
• Secure your accounts and devices with strong, unique passwords and enable 2FA wherever possible.
• Use a trusted password manager such as NordPass or Bitwarden to store all of your passwords securely. 
• Use a reputable antivirus and VPN service such as Surfshark or NordVPN. 
• Update your software regularly to keep your devices secure.
• Store any documents containing your SSN or other sensitive information securely and shred them before disposing of them. 
• Keep yourself and your family updated on the latest scams and cybersecurity threats. 
• Remove your personal information regularly from data brokers and people search sites to prevent cybercriminals from accessing your data.

FAQ