What to do if your Social Security number is on the dark web

Your Social Security number (SSN) is a unique, nine-digit code that unlocks many parts of your life: it’s how you open bank accounts, apply for credit, or file taxes. If it shows up on the dark web, cybercriminals can trade it like currency and use it for identity theft or financial fraud.

Acting quickly can make a huge difference. With the right steps, you can limit the damage, safeguard your finances, and secure your identity going forward. In this guide, we’ll cover what to do if your SSN is exposed and how to stay one step ahead of fraudsters.

Please note: This information is for general educational purposes and not financial or legal advice.

How to check if your SSN is on the dark web

There’s no simple way to type your SSN into a search bar and see if it’s floating around the dark web. Because the dark web is intentionally hidden, the safest approach is to use trusted monitoring services:

• Dark web monitoring tools: ExpressVPN ID Alerts scans hidden sites and forums for your personal information, including your SSN. It also flags suspicious activity like unauthorized address changes or when your SSN is used for loans, so you can act before serious damage occurs. Currently available to ExpressVPN users in the U.S.
• Fraud-alert services from banks and credit bureaus: Some banks, credit card issuers, and credit bureaus include dark web monitoring in their fraud alerts. These tools can flag if your Social Security number or other personal data shows up in risky places online.

Because SSNs are so sensitive, avoid trying to search for them on the dark web yourself. Instead, you should consider using trusted identity theft monitoring services and respond quickly if you receive an alert.

How did my SSN get on the dark web?

There are many ways a Social Security number can end up on dark web marketplaces, and in most cases, it isn’t even your fault.

• Data breach: This happens when a company or organization you share your information with is hacked, and customer data, such as Social Security numbers, is stolen and leaked onto the dark web, where criminals can buy or use it. For instance, the SSNs of 147 million Americans were compromised in the 2017 Equifax data breach.
• Phishing scams targeting SSN: These scams try to fool you into typing your SSN on fake websites that look real but send your data straight to hackers. Spotting the common signs of phishing can help you avoid them.
• Compromised physical documents: Documents containing your SSN can be stolen, so it’s essential to keep them secure. They may even be taken from your dumpster in a practice called “dumpster diving,” which is when cybercriminals rummage through trash to find data about their targets.
• Malware: If your system gets infected with malware like spyware, it could record your keystrokes when you enter your SSN somewhere and send them back to a malicious third party.
• Using unsafe networks: If you don’t secure your browsing on public Wi-Fi, cybercriminals spying on your activity might capture your SSN by sniffing your traffic.

What happens if my SSN is on the dark web?

If your Social Security number ends up on the dark web, criminals can misuse it in many ways. The most common types of identity theft include financial fraud (opening accounts, loans, or draining existing funds), employment identity theft (wages reported to the IRS under your SSN), and medical identity theft (fraudulent care or insurance claims). In some cases, your SSN might even be tied to criminal proceedings, creating legal headaches.

Another risk is cyber extortion, where attackers threaten to expose or sell your stolen SSN unless you pay them. The fallout can last for years, ranging from damaged credit and financial losses to emotional stress and reputational harm.

Learn more: Read our detailed guide to understand better what someone can do with a stolen SSN.

Immediate steps to take if your SSN is on the dark web

It’s important to act fast if your SSN shows up on the dark web. Taking the right steps quickly can help limit the damage and give you back control of your identity.

1. Freeze your credit with major bureaus

A credit freeze is one of the most effective first steps after your SSN is stolen. It blocks criminals from opening new accounts or accessing your credit report, making your information far harder to misuse.

Freezing your credit is free, won’t hurt your credit score, and can be done quickly by contacting all three major credit bureaus: Equifax, Experian, and TransUnion.

2. Request an identity protection PIN from the IRS

To prevent tax return fraud, you should immediately request an identity protection PIN (IP PIN) from the IRS. This six-digit number is known only to you and the IRS, and it must be entered on your tax return before it will be processed. Requesting this PIN is an effective proactive measure that keeps your SSN from being misused for tax fraud.

3. Notify the Social Security Administration

The SSA advises contacting them as soon as you suspect someone is using your SSN. They’ll go over your earnings record with you to make sure everything checks out, and in serious cases, they may even issue you a new SSN.

4. File a fraud report with the Federal Trade Commission

Filing a fraud report with the FTC (Federal Trade Commission) is another key step in reclaiming your identity. It creates an official record that your SSN was stolen, and the FTC will use your report to build a personalized recovery plan to guide you through the process.

5. Contact banks and financial institutions

Contact your bank, credit card companies, and any other financial institutions you have accounts with to inform them your SSN is compromised. It may also be worthwhile to have them place temporary locks on your accounts to ensure the thieves can’t access them and transfer your funds elsewhere.

6. Update and strengthen your passwords

If your SSN is exposed in a data breach, updating and strengthening your passwords is crucial. Otherwise, thieves could break into your other accounts. Remembering unique, strong passwords for every account can be tough, which is why a secure password manager like ExpressVPN Keys makes the job much easier.

Learn more: Find out how to generate strong passwords.

7. Enable two-factor authentication (2FA) on critical accounts

Turning on two-factor authentication is one of the best ways to protect your important accounts. Even if hackers get your password in a data breach, they won’t be able to log in without the extra code that only you can provide.

How to monitor and protect your SSN from future exposure

Because the dark web is decentralized, once your information is posted there, it’s nearly impossible to take it down. Still, the steps below can help you limit the damage and reduce your exposure if your SSN gets leaked.

Work with identity theft protection and dark web monitoring services

As we already mentioned, you can’t run a dark web search for your SSN yourself. That’s where tools like ExpressVPN’s Identity Defender come in. Identity Defender includes ID Alerts, which monitors the dark web, unauthorized address changes, and the misuse of your Social Security number, for example, if it’s used to apply for loans, file for benefits, or make payments.

With real-time alerts tied directly to your SSN and other personal details, you’ll know right away if criminals are trying to exploit your identity, giving you the chance to act before things escalate.

Request removal from public internet databases and data broker sites

Your SSN and other personal information can also be found on "people search" sites on the surface web, which collect and sell your data. Removing your information from these public sources is an essential step in reducing your overall exposure, but it can be time-consuming to visit them all and submit a manual opt-out request. If you're in the U.S., the ExpressVPN Data Removal service can take care of this for you.

Limit where and when you share your SSN moving forward

Protecting your SSN isn’t just about reacting to leaks; it’s also about daily habits. Don’t carry your Social Security card, and always question why your SSN is being requested or if an alternative ID will do.

Set up credit monitoring and credit bureau fraud alerts

The very first thing you should do is contact Equifax, TransUnion, or Experian and ask to set up fraud alerts, which ensure businesses always contact you before opening new accounts in your name. You only have to contact one of them, as the credit bureau you contact must also inform the other two to place an initial fraud alert on your account.

It’s a good idea to use a credit monitoring service so you’ll be alerted right away if someone tries to open a loan or account in your name. While you can do a free credit report check every week through the Annual Credit Report page, checking it manually takes time and effort. In the U.S., ExpressVPN’s Identity Defender makes this easier with its Credit Scanner, which uses Experian’s data to give you credit reports and regular updates on any activity that could impact you.

Watch for suspicious tax activity

Among the primary indicators of a stolen SSN is suspicious tax activity, so you should have an online account with the IRS to monitor your records for any suspicious activity. It’s also important to check any correspondence you receive from the IRS, as receiving a duplicate return filed with your SSN might be an indicator that your SSN was stolen and misused.

Monitor bank and loan accounts regularly

After SSN exposure, you should regularly review your bank and credit card statements. Look for any unrecognized transactions, even small ones, as criminals often test a stolen number with small charges before any larger activity. It’s also worthwhile to check changes to account information, such as addresses or phone numbers, that you did not make.

Use a VPN and encrypted communication tools

A virtual private network (VPN) secures your internet connection by creating an encrypted tunnel for all your data. This adds an extra layer of protection that can prevent hackers from intercepting your SSN or other sensitive information when you enter it online.

Additionally, using secure messaging apps is a smart way to keep sensitive conversations private and out of reach from prying eyes.

Learn more: Check out our detailed guide on identity theft prevention.