Did You Get an Alert That Your SSN Is on the Dark Web? Don’t Panic!
Allison Fanney was fresh out of grad school when she was hit with an unexpected IRS bill for $14,900 in unpaid taxes, penalties, and interest.
Confused and scared, she started investigating. Eventually, Allison discovered that someone had used her Social Security number (SSN) to file a fraudulent tax return – a crime that took nearly eight months for Allison to resolve [*].
According to many cybersecurity experts, it’s safe to assume that almost every American’s SSN has been compromised at least once [*] — with the majority of them turning up for sale on the Dark Web.
Using your SSN, scammers can easily open new accounts, claim Social Security benefits in your name, or steal your identity.
In this article, we’ll explain how your information ends up on the Dark Web, how to know if your SSN has been compromised, and what you can do to protect yourself online.
What Does It Mean If Your Information Is on the Dark Web?
The Dark Web is a small part of the web that isn’t indexed, meaning that it can’t be accessed by normal search engines. Instead, it can only be accessed with special browsers like Tor.
Because of its anonymity, the Dark Web is commonly used by hackers and scammers to trade and sell personally identifiable information (PII) — such as SSNs or login credentials — acquired through cybercrime.
For example, last year, hackers breached T-Mobile's databases and stole sensitive information on more than 47 million customers [*]. The stolen data included names, SSNs, and driver’s licenses — more than enough for scammers to commit identity theft, fraud, and further scams.
Other recent data breaches have affected millions of Americans who use services like Facebook, Capital One, and American Airlines [*].
With your information in hand, criminals can:
- Use leaked passwords to break into your online accounts (social media, email, banking).
- Use your stolen Social Security number to apply for benefits in your name, take out loans in your name, file fraudulent tax returns, and obtain illegal employment in your name.
- Use stolen financial information to open accounts or request new credit cards for which you will be responsible.
- Use leaked personal information (address, phone number, credit card numbers) to target you with sophisticated phishing and social engineering attacks.
💡 Related: Deep Web vs. Dark Web — What You Need To Know →
Can You Remove Your SSN (and Other Info) From The Dark Web?
Unfortunately, it’s virtually impossible to remove your SSN or other information from the Dark Web once it’s been put up for sale.
Stolen data is stored on unregulated marketplaces, out of the reach of authorities. Even if the data is taken down from one site, cybercriminals can simply re-upload it elsewhere. Therefore, you need to be proactive about knowing what information has been compromised and then secure your digital identity from scammers.
Here’s What To Do If Your SSN Was Found on the Dark Web
- Do a full Dark Web scan
- Freeze or lock your credit
- Update passwords, enable 2FA
- Check your credit report, bank statements
- Sign up for myE-verify and “self-lock” your SSN
- Report the fraud to authorities
- Sign up for identity theft protection
If your SSN was found on the Dark Web, you need to act quickly to mitigate the potential danger. Here’s what you should do:
1. Do a full Dark Web scan to see what information hackers have
A Dark Web scanner searches the depths of the internet for your personal information. Scanners can tell you whether your credit card details, SSN, or passwords have been leaked or stolen.
Here are three powerful (and free) Dark Web scanners you can use right now:
- Aura’s leaked password scanner
- Identity Guard Dark Web scanner
Unfortunately, free Dark Web scanners are often limited in what they can find (and don’t constantly monitor the Dark Web for your information).
Instead, a Dark Web monitoring service like Aura periodically scans Dark Web forums and websites for your personal information and then sends you notifications whenever anything suspicious is detected.
You can sign up for a free 14-day trial of Aura and start monitoring the Dark Web for your sensitive information right now.
How to scan the Dark Web for your personal data
- Enter your main (and any other commonly used) email addresses in Aura’s free Dark Web scanner. You can cross-reference with other scanners such as Identity Guard’s Dark Web scanner and HaveIBeenPwned.
- Make a list of all compromised accounts and pieces of personally identifiable information (PII).
- Sign up for a Dark Web monitoring service to automatically be alerted if any of your information is found online.
2. Freeze or lock your credit immediately
Freezing or locking your credit accounts helps ensure that hackers cannot open accounts in your name — even if they have all of your credentials.
Credit locks are instantaneous, but require enrollment in a paid program with one of the three major credit bureaus — Equifax, Experian, or TransUnion. (You can instantly lock your Experian credit file with one click using Aura’s mobile or web app, which is included with every Aura plan.)
You can also request a credit freeze from any of the major bureaus, but it may take up to 24 hours to take effect — a risk that you may not want to take. A freeze doesn’t affect your credit score, but it will block all legitimate credit applications (in addition to fraudulent ones) unless you turn it off.
How to lock or freeze your credit
- Individually contact Equifax, Experian, and TransUnion and request a credit freeze from each. You will need to provide your name, date of birth, address history, and SSN.
- Sign up for one of the credit lock programs, including Equifax Lock & Alert, TransUnion TrueIdentity, or Experian CreditLock to lock your credit.
- Sign up for Aura and get fraud alerts when suspicious new inquiries to your credit file occur. Lock and unlock your credit file immediately using the Aura mobile app and biometric identification.
3. Update all compromised passwords and enable 2FA
Your passwords are the first line of defense against cybercriminals — and the last line, too, without two-factor authentication (2FA). To protect yourself, you need to make sure your passphrases are as impenetrable as possible.
Here’s what to do
- Update all of your accounts. If a password or your personal information is circulating on the Dark Web, you need to act fast to secure your accounts. The first step is to change all of your compromised passwords immediately.
- Use complex, long, and unique passwords. Your passwords should be between 12 and 15 characters long and include a combination of numbers, letters, and symbols. Each password should be unique so that in the case of a data breach, only one account is compromised. Avoid easy-to-guess phrases like your name or birthday.
- Use 2FA or multi-factor authentication (MFA). Even the strongest passwords can be leaked or stolen. Enabling 2FA or MFA provides another layer of protection that prevents criminals from accessing your accounts.
4. Check your credit report and bank statements
If your SSN or other personal information has been discovered on the Dark Web, you need to monitor your finances to ensure your identity isn't stolen.
How to monitor your financial institutions
- Request a free credit report from AnnualCreditReport.com to check whether anyone has obtained unauthorized loans in your name.
- Monitor your bank accounts for suspicious transactions. A credit monitoring service will monitor your bank, credit, and investment accounts 24/7 and alert you to any suspicious activity.
- Contact the fraud department of your bank or credit card company to restore ownership and security of your accounts.
5. Sign up for myE-verify and “self-lock” your SSN
The Department of Homeland Security offers a self-lock feature known as E-Verify. This enables you to “lock” your SSN and block any electronic access attempts.
E-Verify is primarily used to prevent employment-related identity theft. By locking your SSN, you prevent criminals from using your identity to gain employment, commit insurance fraud, and further steal your identity.
How to sign up for Self-Lock and freeze your SSN
To sign up for E-Verify, create a myE-Verify account. Then, follow the instructions to prove your identity. Once your account is up and running, you can freeze your SSN by opening your dashboard, clicking on “Manage My SSN” and then “Lock My SSN.”
Set your challenge questions (so that you can unlock your SSN later), and click on “Lock My SSN” once more.
6. Report the fraud to authorities
If you’re a victim of fraud, it’s vital that you report the crime to the relevant agencies. By reporting fraud, you help to protect yourself and others from further damages.
It’s especially important to complete a fraud report if you are going to dispute fraudulent charges; otherwise, there’s no proof of your being a victim.
Where to report the fraud
There are three authorities to which you need to report the crime:
- The Federal Trade Commission (FTC) at ReportFraud.ftc.gov
- The FBI’s Internet Crime Complaint Center (IC3)
- Local law enforcement
7. Consider signing up for identity theft protection
To avoid falling victim to scammers, hackers, and fraudsters, you need proactive protection. An all-in-one digital security solution like Aura can monitor your accounts, alert you of suspicious activity, and help protect you against cyberattacks.
With Aura, you get:
- Dark Web monitoring and identity theft protection. Get alerted if your SSN has been found on the Dark Web. Identity theft protection monitors your PII, credit cards, home title, bank and investment accounts, IDs, and more.
- Financial Fraud and Credit Protection. Aura offers three-bureau credit monitoring and the ability to lock your Experian credit file with one click. Aura sends alerts up to 4x faster than competitors.
- Instantaneous credit lock. If you discover that your SSN is circulating on the Dark Web, immediately lock your Experian credit file from either the mobile or web app to prevent further damage.
- Identity theft insurance coverage. With Aura, every adult member on your plan receives $1 million in identity theft coverage and 24/7 access to a team of U.S.-based White Glove fraud recovery specialists.
How To Tell If Scammers Are Using Your SSN
There are several warning signs that indicate scammers are using your SSN illegally. To make sure you’re safe, investigate the following:
- Check your mySocialSecurity account. Sign in to your account with the Social Security Administration (SSA), and check your Social Security Statement to ensure that all of your information remains correct. If your earnings or any information is incorrect, it’s a sign that scammers are using your SSN.
- Monitor your credit for suspicious activity. Download a free annual credit report. Check for suspicious charges and accounts that you didn’t authorize. You can also sign up for a credit monitoring service to keep an eye on your accounts in near real-time.
- Check your tax accounts. Sign in to your IRS account to view a breakdown of your tax records by year. If the amount of taxes that you owe seems off, if someone else has submitted a tax return in your name, or there are authorization requests that you didn’t approve, contact the IRS immediately.
- Scan the Dark Web. Use a Dark Web scanner to find out if your SSN is for sale. If you discover that it’s on the Dark Web, chances are someone is using it (or is planning to), and you need to act fast to secure your accounts.
- Check if someone has taken out benefits in your name. As identity thieves will use your SSN to try and claim benefits in your name, you should keep an eye out for signs of these scams and check with your benefits providers if you’re concerned.
📚 Related: 14 Hidden Dangers of Identity Theft That Can Ruin Your Life →
Should You Change Your SSN if It Was Stolen?
Unfortunately, there are only specific situations in which you can change your SSN. Even if you’ve had your SSN stolen, it doesn’t mean you can get a new one.
Furthermore, changing your SSN can cause problems with your earnings history and credit report, making it more difficult to apply for legal documents, passports, and loans.
In most cases, you’re better off dealing with the fallout of SSN theft than trying to get a new SSN.
How To Keep Your Sensitive Information Off The Dark Web
Since it’s almost impossible to remove data once it’s been leaked to the Dark Web, prevention is the best way to protect yourself. Take these critical steps to ensure that you keep your personal information private:
- Use a password manager to secure your online accounts. Make sure you’re using unique passwords for all of your accounts so that if one account is breached, you’re not giving hackers access to everything else.
- Be selective about to whom you give your SSN and other sensitive information. When in doubt, do not include it on an application form.
- Reduce your digital footprint by sharing less personal information online and in your social media profiles.
- Safeguard your online life with an all-in-one digital security provider like Aura that includes antivirus software, a password manager, virtual private network (VPN), credit monitoring, and more.
Scammers will do everything in their power to gain access to your accounts, and your Social Security number is one of their favorite targets.
Sign up for Aura and be alerted in near real-time if someone uses your SSN or if any unauthorized activity is detected on your financial accounts.