What to Do If Your SSN Is on the Dark Web

Intermediate Time: 1-2 hours Category: Identity Protection

If a monitoring service or breach notification has told you that your Social Security number is on the dark web, you need to act quickly but methodically. You cannot change your SSN, but you can make it much harder for anyone to use it fraudulently. This guide covers every protective measure available to you.

Why This Matters

Your SSN is the single most valuable piece of identity data a criminal can have. It is used to open bank accounts, apply for credit, file tax returns, obtain medical care, and even secure employment in your name. According to the Government Accountability Office, SSN theft leads to an average of $1,000 to $5,000 in direct financial losses per victim, with some cases reaching tens of thousands of dollars. Unlike credit card numbers, you cannot simply cancel an SSN and get a new one. The Social Security Administration only issues new numbers in extreme cases. This means your protection strategy must focus on making the stolen SSN unusable.

Step-by-Step Instructions

  1. Freeze your credit immediately at Equifax, Experian, and TransUnion. Also freeze your records at Innovis and ChexSystems. This is the single most important step because it prevents anyone from opening new credit accounts using your SSN.
  2. Set up an IRS Identity Protection PIN at irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin. This 6-digit PIN is required on any tax return filed with your SSN, preventing a criminal from filing a fraudulent tax return in your name.
  3. Create a my Social Security account at ssa.gov/myaccount if you have not already. This locks your SSN from being used to create a fraudulent account. Review your earnings record for any employers you do not recognize, which would indicate employment fraud.
  4. Place a fraud alert with one of the three credit bureaus (they are required to notify the other two). For confirmed identity theft victims, request an extended 7-year fraud alert.
  5. File a report at IdentityTheft.gov to create an official FTC Identity Theft Report. Even if no fraud has occurred yet, this establishes a record and gives you access to recovery tools if fraud happens later.
  6. Enroll in free credit monitoring. Pull your credit reports from all three bureaus at annualcreditreport.com and review them for any accounts or inquiries you do not recognize. Set up weekly credit report checks for the next 12 months.
  7. Contact the Social Security Administration at 1-800-772-1213 to report the compromise. Ask them to review your account for any suspicious activity and flag it for additional protection.
  8. Monitor your bank accounts and medical records closely for the next 12+ months. Set up transaction alerts on all financial accounts. Contact your health insurance provider and request a copy of your benefits statement to check for medical identity theft.

Common Mistakes to Avoid

  • Thinking you need a new SSN: The SSA almost never issues new numbers. Focus on making your current SSN unusable by freezing credit and setting up monitoring.
  • Only freezing credit and doing nothing else: A credit freeze prevents new credit accounts, but your SSN can also be used for tax fraud, employment fraud, and medical identity theft. You need to protect against all of these.
  • Paying for expensive dark web monitoring: Many banks and credit card companies offer free dark web monitoring. Do not pay a premium for something you may already have access to.
  • Assuming nothing will happen: While not every leaked SSN results in fraud, the risk is ongoing and permanent. The protections in this guide should become permanent habits, not temporary measures.

Additional Tips

  • Consider signing up for an identity theft protection service like Aura that provides comprehensive monitoring across credit, financial accounts, and the dark web, plus identity restoration support if fraud occurs.
  • Self-lock your SSN through E-Verify's Self Lock feature (e-verify.gov/employees/myeverify/self-lock) to prevent anyone from using your SSN for employment verification.
  • Keep records of the notification that your SSN was exposed, as well as every protective step you take. This documentation is valuable if you need to dispute fraudulent activity later.

Last updated: February 10, 2026