What to Do If Your SSN Is on the Dark Web

An SSN appearing on the dark web indicates a serious compromise of personal information. The dark web is a hidden part of the internet where stolen data, including personal identifying information (PII) from data breaches, is traded. This exposure creates a significant risk of identity theft and financial fraud, requiring immediate action to mitigate damage.

Immediate Protective Measures

If your SSN is exposed, place a fraud alert on your credit reports. This alert signals to creditors that they should verify your identity before extending credit. Contact one of the three major credit bureaus—Equifax, Experian, or TransUnion—and that bureau will notify the other two. An initial fraud alert remains on your credit report for one year and can be renewed.

For stronger protection, freeze your credit with each of the three major credit bureaus individually. A credit freeze restricts access to your credit report, preventing new accounts from being opened without authorization. Unlike a fraud alert, which allows lenders to access your report with extra verification, a freeze blocks access entirely. You must complete this process directly with Equifax, Experian, and TransUnion, as freezing with one bureau does not automatically freeze your report with the others.

After these protective measures, review all financial accounts and credit reports for suspicious activity. Check bank and credit card statements, and obtain free copies of your credit reports from AnnualCreditReport.com. You can access a free copy from each of the three nationwide credit bureaus weekly through AnnualCreditReport.com. Look for unfamiliar accounts, unauthorized charges, or unrecognized inquiries.

Change passwords for all online accounts, especially those linked to financial institutions, email, and social media. Create strong, unique passwords for each account, ideally using a password manager. Enable two-factor authentication (2FA) wherever possible. This provides an extra layer of security, requiring a second form of verification like a code sent to your phone, making it harder for unauthorized individuals to access your accounts.

Reporting and Remediation

After taking protective steps, report the identity theft. The Federal Trade Commission (FTC) is the central point for reporting identity theft in the United States. File a report online at IdentityTheft.gov to get a personalized recovery plan and an official FTC Identity Theft Report. This report is a document for disputing fraudulent accounts and charges, proving to businesses you are a victim.

If identity theft has occurred, such as fraudulent accounts opened or charges made, filing a police report is advisable. While not always mandatory, a police report provides additional evidence when disputing fraudulent activity with creditors and financial institutions. Bring your FTC Identity Theft Report and any evidence of fraud to your local police department. This documentation helps establish the legitimacy of your claim.

With the FTC report, dispute any unauthorized charges or accounts. Contact your banks and credit card companies to report fraudulent transactions and request their removal. Most financial institutions have procedures for handling fraud and will require details from your FTC report. If new accounts were opened, contact the associated businesses to close them, informing them these accounts were fraudulently established. Consumers have rights to dispute inaccurate information on their credit reports.

Ongoing Vigilance and Security

Maintain regular vigilance after an SSN exposure to prevent future incidents and detect lingering effects. Monitor your credit reports for new or suspicious activity. While you can access reports weekly for free, stagger requests from the three bureaus throughout the year to continuously monitor your credit profile. This helps you spot potential issues like unauthorized inquiries or new accounts quickly.

Beyond credit reports, routinely review all financial statements, including bank and credit card bills, for unrecognized transactions. Check Explanation of Benefits (EOB) statements from health insurers for medical services you did not receive, which could indicate medical identity theft. Set up electronic alerts for transactions above a certain amount or for unusual activity to provide early warnings.

Remain cautious of phishing attempts and other scams leveraging your exposed information. Phishing emails or texts often contain urgent calls to action, suspicious links, or generic greetings. Always verify the sender and avoid clicking suspicious links or downloading attachments. Be wary of unsolicited calls or messages asking for personal information, as legitimate organizations do not request sensitive data this way.

Secure other personal information beyond your SSN, including tax information, medical records, and online profiles. Regularly review privacy settings on social media and other online platforms. Identity theft protection services offer dark web scans for exposed data and sometimes identity theft insurance to cover recovery costs. While these services come with a fee, they provide an added layer of security and convenience for ongoing monitoring.