What to Do If Your Social Security Number Is on the Dark Web

Discovering that your Social Security number is on the dark web is alarming, but it does not mean your identity has already been stolen. What matters most is how quickly and thoroughly you respond. By taking the right steps immediately, you can dramatically reduce the risk of financial fraud, tax identity theft, and other forms of misuse. This guide walks you through exactly what to do, starting with the most urgent actions.

How Social Security Numbers End Up on the Dark Web

Understanding how your SSN was exposed can help you prevent future incidents. The most common paths include:

• Data breaches: Large-scale breaches at companies like Equifax, T-Mobile, and healthcare providers have exposed hundreds of millions of Social Security numbers. Once stolen, this data is packaged and sold on dark web marketplaces.
• Phishing attacks: Criminals impersonate the IRS, Social Security Administration, or your employer via email, phone, or text to trick you into revealing your SSN directly.
• Stolen mail: Tax documents (W-2s, 1099s), Social Security statements, and financial correspondence contain your SSN. Thieves steal mail from unsecured mailboxes or intercept change-of-address requests.
• Insider theft: Employees at healthcare facilities, financial institutions, or government agencies with access to sensitive records sometimes sell customer data.
• Malware and keyloggers: If your computer or phone is infected, criminals can capture your SSN as you type it into tax software, financial applications, or government websites.

Regardless of how it happened, the response is the same. Act fast and cover every angle.

Immediate Steps to Take

1. Freeze Your Credit at All Three Major Bureaus

A credit freeze is the single most important action you can take. It blocks lenders from pulling your credit report, which prevents criminals from opening new accounts in your name — even if they have your SSN. Credit freezes are free by federal law and take about 5 minutes per bureau.

• Equifax: Visit equifax.com or call (888) 298-0045
• Experian: Visit experian.com/freeze or call (888) 397-3742
• TransUnion: Visit transunion.com/credit-freeze or call (800) 916-8800

You must freeze at all three bureaus separately. If you leave even one unfrozen, a lender could still approve a fraudulent application by pulling your report from the unfrozen bureau. Also consider freezing at lesser-known bureaus like Innovis, ChexSystems, and NCTUE for fuller coverage.

2. Place a Fraud Alert

A fraud alert requires lenders to take extra steps to verify your identity before opening new credit. You only need to contact one bureau — they are legally required to notify the other two.

• Initial fraud alert: Lasts 1 year. Anyone can place one.
• Extended fraud alert: Lasts 7 years. Requires an FTC identity theft report.

A fraud alert is a good complement to a credit freeze, not a substitute. Use both.

3. File a Report at IdentityTheft.gov

Visit IdentityTheft.gov, the FTC's official identity theft resource, to file a report and create a personalized recovery plan. The site generates an official FTC Identity Theft Report, which you may need to:

• Place an extended fraud alert
• Dispute fraudulent accounts with creditors
• Block fraudulent debts from appearing on your credit report
• Prevent debt collectors from pursuing debts caused by identity theft

The recovery plan the site generates gives you step-by-step instructions specific to your situation, including pre-filled letters and forms.

4. Get an IRS Identity Protection PIN

An IRS Identity Protection PIN (IP PIN) is a six-digit number that prevents anyone else from filing a federal tax return using your Social Security number. Without this PIN, the IRS will reject the return.

Request your IP PIN at irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin. You will need to verify your identity through ID.me. A new PIN is issued every January, and you must include it on your tax return each year.

5. Contact the Social Security Administration

Call the SSA at 1-800-772-1213 to report the compromise. Ask them to:

• Review your earnings record at ssa.gov/myaccount for unfamiliar employment — this is a sign of employment identity theft
• Place an Electronic Access Block on your account, which prevents anyone (including you) from making changes to your Social Security record via phone or online
• Flag your account for suspicious activity

You should also set up an E-Verify Self Lock at myeverify.uscis.gov to prevent your SSN from being used for employment verification fraud.

Monitor Your Credit and Accounts

Check Your Credit Reports

Visit AnnualCreditReport.com to get your free credit reports from all three bureaus. Look for:

• Accounts you did not open
• Hard inquiries you do not recognize
• Addresses you have never lived at
• Employers you have never worked for

You are entitled to free weekly credit reports through AnnualCreditReport.com. Check all three bureau reports, as different creditors report to different bureaus. If you find fraudulent accounts, dispute them directly with the bureau and the creditor.

Monitor Your Financial Accounts

Review your bank accounts, credit card statements, and investment accounts for unauthorized transactions. Set up transaction alerts through your bank and credit card issuers so you are notified immediately of any activity. Even small, unfamiliar charges deserve scrutiny — criminals often test stolen information with small purchases before making larger ones.

Sign Up for Dark Web Monitoring

Dark web monitoring services continuously scan underground marketplaces, forums, and data dumps for your personal information. If your SSN, email, passwords, or financial data appear in a new breach or listing, you receive an alert so you can take action before the information is used against you.

This is not a one-time concern. Your SSN may be resold repeatedly on the dark web for years after the initial exposure. Ongoing monitoring ensures you know each time it surfaces in a new context.

Long-Term Protection Strategies

Responding to the immediate threat is essential, but protecting yourself long-term requires ongoing vigilance:

• Keep your credit frozen permanently. Only thaw it temporarily when you need to apply for credit, and refreeze immediately after.
• Renew your IRS IP PIN every year. The IRS issues a new one each January.
• Renew your E-Verify Self Lock annually. It expires after one year if not renewed.
• Use unique, strong passwords for every financial account and enable two-factor authentication everywhere it is offered.
• File your taxes early each year to beat potential fraudsters who might try to file using your SSN.
• Use a locked mailbox or a P.O. Box to prevent physical mail theft.
• Reduce your data footprint. The less personal information available about you online, the harder it is for criminals to impersonate you or answer security questions to bypass account protections.

How PrivacyOn Helps

When your Social Security number is on the dark web, the danger multiplies if criminals can also find your full name, address, date of birth, phone number, and email through data broker sites and people-search engines. This additional information makes it far easier to impersonate you, pass identity verification checks, and commit fraud.

PrivacyOn addresses this by removing your personal information from 100+ data brokers, reducing the amount of publicly accessible data that criminals can combine with your stolen SSN. PrivacyOn also provides dark web monitoring that alerts you whenever your SSN, email addresses, or other sensitive data appear in new breaches or dark web listings — so you can respond immediately rather than discovering the exposure months later.

A credit freeze stops new accounts from being opened, and an IRS IP PIN blocks tax fraud. But only reducing your overall data exposure makes it harder for criminals to use your SSN effectively in the first place. That is the layer of protection PrivacyOn provides.