My Social Security Number Was Found on the Dark Web. Help!

How Dangerous Is It If Your SSN Is on the Dark Web?

With just your Social Security number (SSN), scammers can apply for loans, open bank accounts, and commit crimes — all in your name.

Unfortunately, there’s a good chance that your SSN is already on the Dark Web — or, as one cybersecurity CEO put it: “If it’s not, it will be.” [*]

By some reports, 69% of all data breaches last year included SSNs [*]. The April 2024 AT&T breach alone leaked over 70 million Social Security numbers to the Dark Web [*].

The bad news is that once your SSN has been leaked to the Dark Web, it’s virtually impossible for you to remove it. Instead, the best thing you can do is to proactively lock down your identity and accounts and be prepared for the worst. 

{{show-toc}} 

How To Check If Your SSN Is Circulating on the Dark Web

The Dark Web is a layer of the internet that’s only accessible by using special tools such as the Tor browser. Unlike regular websites that most people use, marketplaces and sites on the Dark Web are truly anonymous — masking users’ locations, IP addresses, and identities — making the Dark Web a perfect platform for cybercriminals and hackers to buy and sell stolen data. 

Because you likely can’t get on the Dark Web yourself (and probably shouldn’t, for safety reasons), there are only two ways to know if your SSN was part of a data breach:

1. You get a notification from a company that was impacted by a data breach. Companies are legally required to disclose breaches, as well as what information was leaked.‍
2. You get an alert from a Dark Web monitoring company. Aura, for instance, offers a free Dark Web scan that lets you know if your passwords or email address were leaked in a breach.

While data breaches are the primary means by which your SSN can end up on the Dark Web, breaches aren’t the only threat. 

Scammers can use phishing websites, hack Wi-Fi networks, and use bots and malware to steal personal information — leading to more of your data falling into the hands of hackers.

📚 Related: How To Check If Someone Is Using Your SSN →

What To Do If Your SSN Was Found on the Dark Web

Sites on the Dark Web are out of reach for authorities — and even if one site gets taken down, the data is almost always backed up and quickly re-uploaded to a new site.

You can try to change your SSN, but there are only certain situations in which the government permits this — such as if you’ve experienced ongoing fraud or are at risk of physical harm or harassment.

If you do get a new SSN, it can affect your earnings history and credit, making it more difficult down the line to apply for legal documents and passports. 

In most cases, you’re better off dealing with the fallout of SSN theft rather than trying to get a new SSN.

1. Freeze or lock your credit immediately

One of the greatest risks of a leaked SSN is that scammers can use it to take out loans or open financial accounts in your name. A credit freeze prevents anyone from accessing your credit file — which means that scammers won’t be able to ruin your credit score.

A credit freeze is more secure than a fraud alert, which only requires lenders to take additional precautions before extending credit to you — something scammers have learned to circumvent. 

To freeze your credit, you need to contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion:

2. Report the fraud to the proper authorities

If your SSN has been leaked or compromised and you are the victim of identity theft, contact the relevant authorities to inform them of the fraud and protect yourself against any actions that scammers may take by using your SSN:

• The Federal Trade Commission (FTC). File an official identity theft affidavit online at IdentityTheft.gov. This will act as your proof of innocence and is almost always required when disputing fraudulent charges. The FTC will also supply you with a personalized fraud recovery plan. 
• Local law enforcement. File a police report if your SSN was used to open accounts or if you have any information about the scammers or thief who victimized you. 
• Social Security Administration (SSA). You can block criminals from using your SSN to unlawfully apply for work by using the online e-Verify service. Once your account is up and running, you can freeze your SSN by opening your dashboard, clicking on “Manage My Social Security Number” and then “Lock My SSN.” 

It’s especially important to complete fraud and police reports if you are going to dispute fraudulent charges; otherwise, there’s no proof of your being a victim.

3. Check your credit report and bank statements

If your SSN has been compromised, you’ll want to keep close tabs on your financial accounts to ensure they haven’t been illegally accessed. 

• Request free credit reports from AnnualCreditReport.com to check whether anyone has obtained unauthorized loans in your name.
• Monitor your bank accounts for suspicious transactions. A credit monitoring service can monitor your bank, credit, and investment accounts for you and notify you of any suspicious activity. 
• Contact the fraud department of your bank or credit card company to close compromised accounts and cards and issue new ones.

📚 Related: What Can Scammers Do With Your Bank Account Number?  →

4. Do a full Dark Web scan to see what information hackers have obtained

Free Dark Web scanners (such as Aura’s leaked password checker or HaveIBeenPwned) can only tell you if passwords associated with your email address were leaked in a data breach. 

To scan for more sensitive information — such as your SSN, credit card details, or even passport numbers — you need to sign up for a full Dark Web monitoring service.  

A Dark Web monitoring service like Aura periodically scans Dark Web forums and websites for your personal information and then sends you notifications whenever anything suspicious is detected. Sign up for a free 14-day trial to start monitoring the Dark Web for your data right away. 

5. Lock your SIM

Identity thieves could potentially use your SSN to open a cell phone account in your name or even convince your cell phone provider to transfer ownership of your existing account. This could allow scammers to bypass two-factor authentication (2FA) security on your accounts — as any codes would be sent to a phone that they control. 

As a precaution, you should contact your provider and ask them to “lock” your SIM with a custom PIN. Once you’ve locked your account, scammers can’t use your mobile data or make phone calls without your four-digit code.

📚 Related: How To Find Out If Your Information Is on the Dark Web →

6. Get an Identity Protection PIN

Identity Protection PINs (IP PINs) stop fraudsters from filing tax returns by using your SSN or Individual Taxpayer Identification Number (ITIN) [*]. Only you and the IRS know your IP PIN, and it must be entered on every federal tax return.

If you’re a previous victim of tax-related identity theft and the IRS has fixed your tax issues, they will mail you a CP01A Notice with a new IP PIN to use each year. 

If you haven’t been the victim of identity theft, you can still request an IP PIN via your IRS.gov account or at your local Taxpayer Assistance Center (make sure to bring two government-issued identification documents to verify your identity).

7. Update all compromised passwords, and enable 2FA

If your SSN has been leaked online, there’s a good chance other personal data about you is available as well — including your passwords. 

• Change all of your compromised passwords immediately. Use a password manager to generate and store complex and unique passwords for each account. Avoid easy-to-guess phrases like your name or birthday. 
• Use 2FA or multi-factor authentication (MFA). Even the strongest passwords can be leaked or stolen. Enabling 2FA or MFA provides another layer of protection that prevents criminals from accessing your accounts without your fingerprint, face ID, or authenticator codes.

📚 Related: How Do Password Managers Work? [Step-by-Step Setup Guide] →

8. Consider signing up for identity theft protection

Using your compromised SSN is one of the easiest ways for someone to steal your identity — and you won’t always be able to stop them. 

Aura’s award-winning identity theft protection solution monitors your SSN and other sensitive information 24/7/365 — and notifies you if it’s been leaked, has appeared online or on the Dark Web, or is being used without your permission. 

With Aura, you also get three-bureau credit monitoring with the industry’s fastest fraud alerts³, one-click Experian CreditLock, and an advanced suite of digital security tools to protect your personal data from being leaked.

If the worst should happen, all Aura plans include round-the-clock U.S-based support and up to $1 million in identity theft insurance to cover eligible losses and expenses.

What Can Scammers Do With Your Leaked SSN?

Your SSN is a valuable piece of data for scammers — but even worse, it can be easily linked to more of your personally identifiable information (PII), such as your address, phone number, and date of birth. 

With this type of stolen information, scammers can:

• Open new credit card accounts or take out loans in your name
• File for unemployment and other government benefits
• Get a driver’s license or other ID in your name
• File a fraudulent tax return and steal your refund
• Receive medical care by using your benefits plan
• Rent a home or lease a vehicle
• And so much more…

The bottom line: SSN fraud is hard to spot — until it’s too late. Consider an SSN monitoring tool to alert you if your personal information is being illegally used. 

How To Keep Your Sensitive Information Off of the Dark Web 

Since it’s almost impossible to remove data once it’s been leaked to the Dark Web, prevention is the best way to protect yourself. 

Take these critical steps to keep your SSN private:

• Don’t carry your Social Security card with you. Also, shred documents that display your SSN as soon as you’ve reviewed them.
• Be selective about sharing your SSN. Never share your SSN on social media or any other public forum. Avoid phishing scams by asking why someone needs your SSN and how it will be used. When in doubt, do not include it on an application form.
• Use a VPN when updating sensitive accounts. A virtual private network encrypts your data — stopping hackers from stealing your SSN as you apply for new accounts or file your taxes. It will also block spoofed websites designed to steal your credentials.
• Create a mySocial Security account. Claiming your SSN at SSA.gov ensures that no one else can create an online account in your name — even if they have your number.
• Check your Social Security earnings record annually. Compare it to your W-2 and tax return. If you’ve created a mySocial Security account, you’ll automatically get emails three months before your birthday each year reminding you to check your earnings [*].

Scammers do everything they can to access your accounts — and your Social Security number is one of their favorite targets. 

Sign up for a free, 14-day Aura trial to be alerted in near real-time if someone uses your SSN or if any unauthorized activity is detected on your financial accounts.

Aura keeps your SSN (and identity) safe — start your free 14-day trial!