A class action lawsuit recently filed in Fort Lauderdale, Florida, has stoked fears of widespread identity theft after roughly 3 billion personal records were hacked by a group known as USDoD.
The filing from April of this year claims that National Public Data records were stolen, which included personal data from individuals in the United States, United Kingdom, and Canada. The threat actors attempted to sell the information for millions of dollars.
Their leverage? USDoD had the Social Security Number of every American.
For those living in the United States, your Social Security Number (SSN) is one of the most (if not the most) important identity numbers. You need it to open a bank account, file your taxes, and receive benefits. Even getting a phone number usually requires an SSN.
While this article highlights the American Social Security Number, this hack also captured British National Insurance Numbers and Canadian Social Insurance Numbers, both of similar sensitivity and value to bad actors.
Keep reading to understand why SSNs are such high-value targets, how to prevent this type of identity theft, and what to do if someone has your Social Security Number.
What Is a Social Security Number?
First issued in 1936, the Social Security Number (SSN) was created to track the earnings of US workers to compute their Social Security benefits, a newly created social insurance program.
A nine-digit number issued to US citizens and permanent and temporary residents, Social Security benefits can be used upon retirement, in case of disability, and for medical care.
Now a de facto national identification number, it consists of an area number (three digits), a group number (two digits), and serial number (four digits).
Why Is Your SSN Considered a High-Value Target?
You may not have a passport or driver’s license but, if you’re an American citizen, you will have a Social Security Number. This makes it a high-value target for cybercriminals given its ubiquitous nature and importance.
What can someone do with your Social Security Number?
- Open credit cards in your name
- Deplete your bank account
- Receive government benefits
- File your tax return
- Commit crimes that will go on your record
Open credit cards in your name
To open a credit card, you need to provide your name, date of birth, and Social Security Number. While your name and date of birth may be public record, your SSN is confidential. Until it’s not.
In 2023 alone, over 381,000 new credit card accounts were fraudulently opened using Personal Identifiable Information (PII).
With this PII in hand, a bad actor can wreak havoc on your finances, racking up debt in your name and damaging your credit.
Deplete your bank account
An SSN is a primary means of identifying you when it comes to financial transactions.
Using payment apps like Zelle and Venmo, hackers can transfer your savings using your SSN and then disappear, leaving you with an empty bank account.
Receive government benefits
Hackers can receive retirement income and disability benefits, known as Supplemental Security Income (SSI), using your SSN. They can also file for unemployment benefits in your name. Medicaid benefits, a government health insurance program, can easily be exploited with a stolen SSN too.
File your tax return
Everyone looks forward to a tax refund. A bad actor with your SSN, however, can get access to this hard-earned cash by filing a tax return in your name.
Worse, you likely won’t realize this has happened until the next tax season when you’re unable to file because of a duplicate return.
Commit crimes that will go on your record
If someone uses your Social Security Number in a police report for a crime they’ve committed, you’ll end up with a criminal record while the fraudster walks away scot-free.
A criminal record can greatly impact your employment options, limit your voting rights, and curtail travel (difficulty obtaining a passport, for example).
How Is Your SSN Stolen?
Before we explore what to do if someone has your Social Security Number, we need to understand how they stole it in the first place.
Data breaches
A breach – unauthorized access to confidential data – can put your personal information in the hands of hackers, including your SSN.
When a data breach occurs, the stolen data is often sold on the dark web, where it can be circulated for years. A Social Security Number can go for as low as $2 on the dark web.
Phishing
Phishing involves emails that appear to come from legitimate sources. The emails contain links that urge the recipient to click on and provide their personal data, like an SSN.
A common phishing scam involving SSNs is an email that appears to be from the Social Security Administration asking for recipients to update their information. The phisher then has access (via a link in the email) to highly sensitive personal details – like your SSN.
Stolen documents
Outside of the digital sphere, your SSN can be stolen via physical documents. Think credit card statements and tax documents. All it takes is someone rummaging through your trash, stealing your wallet, or absconding with your mail to get your SSN.
Keep any documents that contain your SSN in a secure place. Or, better yet, when you no longer need them, use a shredder.
Common Warning Signs Your SSN Has Been Stolen
It’s important to know warning signs to better understand what to do if someone has your Social Security Number.
- Unrecognized financial transactions
- Drop in credit score
- Calls from debt collectors
- Rejected tax return
Unrecognized financial transactions
Unauthorized transactions on a debit or credit card are also signs your SSN has been stolen. Even if your bank alerts you to what they suspect is fraudulent activity, acting fast – getting in touch with the bank -- is imperative to stop charges from accumulating.
If you receive a credit card statement for a card you didn’t open, a bad actor with your SSN may have opened a line of credit in your name.
Drop in credit score
That credit card the bad actor opened? They’re using it to run up debts in your name – debts that they have no intention of paying off that will negatively affect your credit score.
Calls from debt collectors
That credit card that was opened in your name and the debt accumulated? Now it’s time to pay it all back.
If you receive calls from debt collectors about unfamiliar accounts or purchases you’ve never made, then your SSN may have been stolen.
Rejected tax return
Finally, a rejected tax return may mean that a fraudster has filed using your SSN. The IRS will notify you of a duplicate return and you’ll have to submit an Identity Theft Affidavit to rectify the situation.
Steps to Take When Your SSN Has Been Stolen
If you believe that you've been the victim of this type of identity theft, here is what to do if someone has your Social Security Number.
- Contact the Social Security Administration
- Report identity theft to the FTC
- Request a credit freeze
- Contact any companies involved
Contact the Social Security Administration
File a report with the Office of the Inspector General of the Social Security Administration. You can do so as an individual or on behalf of a business.
Report identity theft to the FTC
You can report SSN theft to the Federal Trade Commission (FTC) at IdentityTheft.gov or by calling toll free at 1-877-IDTHEFT (1-877-438-4338).
Request a credit freeze
Freeze your credit by contacting all three credit reporting agencies – Experian, TransUnion, and Equifax. You can do this online, by phone or via mail.
Contact any companies involved
Immediately get in touch with any companies that use your SSN, including your bank or credit card company.
You can also lock your SSN using E-Verify. However, this means you won’t be able to use your number either.
LastPass Solutions for SSN Theft Prevention
Tools like a password manager, multi-factor authentication, and Dark Web Monitoring can prevent future theft and secure your identity.
Password manager
A password manager, like LastPass, can secure you from SSN theft by generating and storing strong, unique passwords for each of your accounts. This eliminates the need to remember multiple complex passwords and reduces the risk of using weak or reused passwords that hackers can exploit.
You can also store your SSN in your vault via Secure Notes.
Secure autofill restricts password entry to verified sites. If the password manager doesn’t autofill a site, it may be a sign that you’re dealing with a phishing attempt.
Multi-factor authentication
Multi-factor authentication (MFA) adds extra layers of security by requiring two or more authentication methods in addition to your password, including biometrics and contextual data (like an IP address).
Enabling MFA can significantly reduce the risk of unauthorized access to your accounts.
Dark Web Monitoring
Dark Web Monitoring provides alerts when your credentials are found on the dark web, so you can take steps to mitigate risk. Once Dark Web Monitoring is turned on, LastPass will continually check your information against a database of compromised credentials.
If your personal data has been identified on the dark web, you’ll get an immediate notification. You’ll also be notified of any weak passwords you’re using that could leave your accounts vulnerable to hackers.
Understanding what to do if someone has your Social Security Number is the first step. To further protect yourself from future threats, start your free LastPass trial.
