Your Social Security number is probably on the dark web. Should you be worried? (2024)
Alix Martichoux
Updated:
(NEXSTAR) – Practically everyotherweek, news breaks of some sort of data breach. Just last month, AT&T revealed sensitive information for more than 70 million people – including their Social Security numbers and passwords – was found on the “dark web.”
With so many large-scale data breaches, is your personal information already out there?
“If it’s not, it will be,” said Kyle Hanslovan, CEO of cybersecurity firm Huntress.
Jay Jacobs, an analyst who worked on Verizon’s data breach reporting, told NPR in 2015 he believed 60% to 80% of Social Security numbers had already been compromised by hacks –and that was before the 2017 Equifax breach affecting 148 million people. (Nexstar reached out to Verizon for an updated figure, but was told it was not tracked in their latest research.)
Theft of Social Security numbers is so common, the federal government won’t just give you a new one, even if you can prove yours has been stolen. You’d have to prove you’ve been experiencing “ongoing problems” because of the number being misused. And in the rare case that a new number is issued, the blank slate can create a whole host of problems, the Social Security Administration warns.
But before you panic, remember that not everyone who has been victimized in a data breach will end up victimized by identity theft.
“If you’re a high-value individual that maybe has a high net worth or works at a company that they can extort you, you might actually be a real target,” Hanslovan said. “For the masses though, the everyday common person, you’re more of a target of opportunity.”
Simple measures, like freezing your credit, can reduce your exposure for these types of crimes of opportunity. That can prevent bad actors from using your Social Security number to take out loans or open new credit cards.
But most people shouldn’t spend too much time worrying about what might happen if someone gets their hands on their personal information, Hanslovan said. Instead, he advised keeping an eye on your important accounts, and make sure you’re prepared to act in the case something does go wrong.
“Maybe this is just a part of life. Like for instance, influenza. Yeah, you try to get a flu shot,” he said. “But you just start to learn to live with some of this stuff. And I think that’s a great acknowledgement of maturing beyond every security incident is doom and gloom, and we are learning to live with the world where most of our data that should be private isn’t.”
If you think someone is using your Social Security number and creating credit problems for you, you should report it at IdentityTheft.gov, the Social Security Administration says. You’ll go through the steps of putting a fraud alert on your credit reports, alerting the FTC, and possibly filing a police report. From there, you may need to go through several steps of damage control to clear your name.
“It stinks for privacy, but it kind of normalizes just what’s happening,” Hanslovan said. “It doesn’t make it right, and it definitely doesn’t wave, you know, a company’s true fiduciary responsibilities to protect your data.”
If you think someone is using your Social Security number and creating credit problems for you, you should report it at IdentityTheft.gov, the Social Security Administration says. You'll go through the steps of putting a fraud alert on your credit reports, alerting the FTC, and possibly filing a police report.
Personal information is more valuable as large datasets, and hackers are more likely to use it as ransom to obtain money from breached companies. The best chance to remove your SSN from the dark web is to get law enforcement involved, such as the FBI or the FTC, but even that is not a guaranteed solution.
Being notified that your information has been found in a data breach or on the dark web, as its name suggests, shouldn't be taken lightly. It's likely not an occasion to full-on panic, but it probably suggests some next steps.
Your phone number might end up on the dark web through data breaches from websites or companies where you've shared your contact details, often due to weak security or cyberattacks.
You can submit a report online at oig.ssa.gov or contact the OIG's fraud hotline at 1-800-269-0271. The OIG will carefully review your allegation and take appropriate action. However, they cannot provide information regarding the actions taken on any reported allegation.
Even though there's no way of removing your personal information from the dark web, once you know what information is exposed, you can take action to help protect yourself against identity theft.
Once the data is posted for sale within the Dark Web, it is quickly copied and distributed (re-sold or traded) to a large number of cybercriminals, within a short period of time. It is generally implausible to remove data that has been disseminated within the Dark Web.
A dark web alert is a way for you to be notified if your personal information appears on a dark web marketplace. It acts as a heads up and allows you to take action to protect your identity.
This is a good place to start — however, free scanners only check for email addresses (and sometimes phone numbers). To see if your financial data, SSN, or IDs have been leaked, you need to sign up for a Dark Web monitoring service.
If you're wondering “how does one's personal information get on the Dark Web?”, the answer includes data breaches, scams, and a very diverse range of cyber-attacks (phishing through email, private messages and voice calls, social media impersonation, malware infections or digital identity theft).
To start, open Google One, go to “Dark web report,” and tap Set Up > Start Monitoring. You'll then be able to choose exactly what information you'd like to keep an eye on, including your name, address, email, password, and phone number.
If you're comfortable, you can contact the website owner to request that they remove your personal contact info from the source web page. This removes the info from the web at its source, which in turn removes it from Google Search results.
If you think someone is using your Social Security number and creating credit problems for you, you should report it at IdentityTheft.gov, the Social Security Administration says. You'll go through the steps of putting a fraud alert on your credit reports, alerting the FTC, and possibly filing a police report.
If you think someone is using your number, review the earnings posted to your record on your Social Security Statement. To get your online Statement, go to my Social Security. We consider identity theft one of our major challenges. And we have joined in governmentwide efforts to prevent Social Security number misuse.
There is NO COST to place or lift a security freeze. For more information, see detailed instructions entitled “Placing a Security Freeze on Your Credit Report to Protect Yourself from Identity Theft” below. 5. Review your credit reports carefully.
Based on the information you enter, IdentityTheft.gov will create your Identity Theft Report and recovery plan. If you create an account, we'll walk you through each recovery step, update your plan as needed, track your progress, and pre-fill forms and letters for you.
You can also place what's known as a self-lock on your SSN through E-Verify® at www.e-verify.gov, a government service that employers use to confirm a job applicant's eligibility to work.
Introduction: My name is Errol Quitzon, I am a fair, cute, fancy, clean, attractive, sparkling, kind person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.