Nexstar Media Wire News

Your Social Security number is probably on the dark web. Should you be worried?

(NEXSTAR) – Practically every other week, news breaks of some sort of data breach. Just last month, AT&T revealed sensitive information for more than 70 million people – including their Social Security numbers and passwords – was found on the “dark web.”

With so many large-scale data breaches, is your personal information already out there?

“If it’s not, it will be,” said Kyle Hanslovan, CEO of cybersecurity firm Huntress.

Jay Jacobs, an analyst who worked on Verizon’s data breach reporting, told NPR in 2015 he believed 60% to 80% of Social Security numbers had already been compromised by hacks – and that was before the 2017 Equifax breach affecting 148 million people. (Nexstar reached out to Verizon for an updated figure, but was told it was not tracked in their latest research.)

Theft of Social Security numbers is so common, the federal government won’t just give you a new one, even if you can prove yours has been stolen. You’d have to prove you’ve been experiencing “ongoing problems” because of the number being misused. And in the rare case that a new number is issued, the blank slate can create a whole host of problems, the Social Security Administration warns.


But before you panic, remember that not everyone who has been victimized in a data breach will end up victimized by identity theft.

“If you’re a high-value individual that maybe has a high net worth or works at a company that they can extort you, you might actually be a real target,” Hanslovan said. “For the masses though, the everyday common person, you’re more of a target of opportunity.”

Simple measures, like freezing your credit, can reduce your exposure for these types of crimes of opportunity. That can prevent bad actors from using your Social Security number to take out loans or open new credit cards.

But most people shouldn’t spend too much time worrying about what might happen if someone gets their hands on their personal information, Hanslovan said. Instead, he advised keeping an eye on your important accounts, and make sure you’re prepared to act in the case something does go wrong.

“Maybe this is just a part of life. Like for instance, influenza. Yeah, you try to get a flu shot,” he said. “But you just start to learn to live with some of this stuff. And I think that’s a great acknowledgement of maturing beyond every security incident is doom and gloom, and we are learning to live with the world where most of our data that should be private isn’t.”

If you think someone is using your Social Security number and creating credit problems for you, you should report it at IdentityTheft.gov, the Social Security Administration says. You’ll go through the steps of putting a fraud alert on your credit reports, alerting the FTC, and possibly filing a police report. From there, you may need to go through several steps of damage control to clear your name.

“It stinks for privacy, but it kind of normalizes just what’s happening,” Hanslovan said. “It doesn’t make it right, and it definitely doesn’t wave, you know, a company’s true fiduciary responsibilities to protect your data.”