Penetration testing, also referred to as pen testing, is a simulation of a cyber attack that organizations conduct to identify security vulnerabilities within their systems. By
You may be concerned if your Social Security number (SSN) was found on the dark web following the recent breach that, according to CNBC, exposed almost three billion SSNs. National Public Data, a company that conducts background checks, suffered a data breach involving SSNs, email addresses, phone numbers and home addresses.
If your SSN was found on the dark web, you are most likely concerned about your identity being stolen. Although it’s terrifying for your SSN to be found anywhere online, the dark web is a dangerous place because it is a part of the internet where cybercriminals go to buy and sell personal information including SSNs, credit card numbers and bank account information.
Continue reading to learn how to tell if your SSN is on the dark web and how to protect your privacy and identity.
How do I know if my SSN is on the dark web?
If you’re unsure whether your SSN is on the dark web, there are several signs you can watch for or actions you can take to determine if your SSN has fallen into the wrong hands.
You receive a breach notification
Check your email to see if you received a message from a company with which you have an account regarding a data breach. Companies typically send letters or notifications to their customers whose Personally Identifiable Information (PII) was exposed during a data breach. Your SSN qualifies as PII, but PII can also include your name, birthday, driver’s license number, bank account information or medical records. If you receive an email or notification from a company with whom you have an account that your SSN was compromised, your SSN may be on the dark web.
Use a free dark web scan tool
A dark web scan alerts you if your personal information, such as your SSN, has been found on the dark web. Some credit card companies, like Discover, Capital One and Chase, may notify you if your SSN is found on the dark web through their dark web scanners. However, there are many free dark web scan tools that you can use without going through your credit card company to see if your PII has been exposed. Typically, dark web scan tools require your email address and possibly your phone number or additional information to function. Once you’ve entered your information, the dark web scan tool relies on its database of billions of PII exposed from data breaches to determine if your PII is on the dark web. Your results should appear instantly or within several minutes, and they may indicate that your SSN was found on the dark web.
Monitor your mySocialSecurity account
Create or log in to your mySocialSecurity account to see if there has been any suspicious activity. Your mySocialSecurity account will show your benefits (if you have applied for them) and other helpful information. If you are not receiving any benefits, your mySocialSecurity account will show proof of this. To monitor your account, just sign in and review your statements if you have any. If you know you aren’t receiving any benefits but your account activity indicates you are, this could mean someone stole or bought your SSN from the dark web and is using your identity to receive benefits.
Review your credit reports
Although you should regularly monitor your credit reports for suspicious activity, you should review your credit reports – especially if you believe your SSN has been compromised. Your credit report will include PII, credit card account information, loans in your name and credit inquiries. You can request a copy of your credit report from AnnualCreditReport.com. When reviewing your credit reports, look for any unfamiliar activity, including new lines of credit or loans in your name that you didn’t request. If you find anything suspicious, it could be a sign that your SSN was compromised and used to commit identity theft.
You receive notices from the IRS
If you receive anything from the IRS about discrepancies in your income through the official IRS notification system, a cybercriminal may be using your SSN for fraudulent purposes. Someone may have filed a tax return using your SSN if it was found on the dark web, which could have triggered a notice from the IRS. Contact the IRS immediately if you think or know you are a victim of identity theft. You can do this over the phone at 1-800-908-4490 or through the mail by filling out and submitting Form 14039.
7 steps to take if your SSN is found on the dark web
After confirming that your SSN is on the dark web, there are several steps you need to take immediately to protect your identity from further damage.
1. Freeze your credit reports
You should freeze your credit reports as soon as you know your SSN has been found on the dark web. A credit freeze prevents creditors from approving new loans or lines of credit in your name. Freezing your credit ensures that anyone who obtains your SSN can’t open lines of credit or apply for a loan under your name. To place a credit freeze, you must contact each of the three major credit bureaus (Experian, TransUnion and Equifax).
2. Lock your SSN
Next, you should lock your SSN by either contacting the Social Security Administration (SSA) or self-locking it using your E-Verify account. Locking your SSN is necessary when your SSN is on the dark web because it prevents anyone, including you, from changing or accessing your Social Security record. This way, if a cybercriminal sells your SSN to other cybercriminals, no one will be able to use your SSN to commit fraud or identity theft.
Lock your SSN by calling the SSA at 1-800-772-1213. They will need additional proof of your identity when you speak to them, so make sure you have your driver’s license or passport before you call.
You can also lock your SSN by creating an E-Verify account. Select three security questions and remember your answers, as you will be asked the same questions when you are ready to remove the lock from your SSN.
3. Create a mySocialSecurity account if you don’t have one
If you don’t already have a mySocialSecurity account, you need to create one so you can view and manage your benefits, application status, earnings and statements. As mentioned before, if you know you are not receiving any benefits but your mySocialSecurity account shows that you are, this is a sign that your SSN is on the dark web and a cybercriminal is using your identity. It is important to create and monitor your mySocialSecurity account so you can detect any discrepancies and signs of identity theft. After creating your mySocialSecurity account, immediately report any unusual activity to the SSA.
4. Report your stolen SSN to the Federal Trade Commission (FTC)
Once your SSN has been found on the dark web, you should report it as stolen to the Federal Trade Commission (FTC). Notifying the FTC will result in receiving personalized steps based on your situation. The FTC will use all the information you provide by sharing it with law enforcement to investigate the identity theft. This is why it’s important to report your SSN as stolen right away, so the FTC can collaborate with law enforcement to help you achieve justice.
5. Request an Identity Protection PIN (IP PIN)
An Identity Protection PIN (IP PIN) is a six-digit number that stops someone from filing a tax return with your SSN. The only people who know your IP PIN are you and the IRS, which even prevents a cybercriminal who has your SSN from using it to commit tax fraud. After applying for an IP PIN and completing the verification process, you will receive an IP PIN. Every year, you will receive a new IP PIN to ensure the utmost protection of your SSN and taxes.
6. Change your passwords and enable Multi-Factor Authentication (MFA)
When your SSN has been found on the dark web, you should immediately change all your passwords to prevent a cybercriminal from accessing any more of your private information. You can quickly change all your passwords by using a password manager, such as Keeper, which can generate new, strong passwords for each of your accounts.
Once you’ve updated your passwords, you should enable Multi-Factor Authentication (MFA) on each of your accounts. This will require anyone trying to sign in to your accounts to have not only your username and password but also an additional form of authentication. Some examples of MFA include a PIN, a code from an authenticator app, a fingerprint scan or even your specific geographic location. Without having access to your MFA, a cybercriminal will not be able to log in to your accounts if you have enabled it as an extra form of security.
7. Sign up for a credit monitoring service
A credit monitoring service notices any changes in your credit report and alerts you if there is suspicious activity that could indicate fraud. You should sign up for a credit monitoring service because it will protect your credit score from being negatively impacted by fraud, detect unusual activity like missed payments or new accounts and freeze your accounts if you confirm suspicious activity has occurred. Remember, some credit card companies offer this service for free if you have an account with them, so contact your credit card company to see if they offer credit monitoring.
Protect your identity from the dark web
After finding out your SSN is on the dark web, you should immediately take action and follow the steps above to protect your identity and private accounts. To keep your information safe, you should use a password manager that can update your passwords with strong, unique ones and scan the dark web.
Start your free 30-day trial of Keeper Password Manager today to discover its helpful features to protect your identity and SSN.