You probably already realize that keeping your social security number (ssn) secure is really important. But have you ever thought about what would happen if you didn’t keep it safe? And what the repercussions would be? How do hackers get your social security number? And what can they do with it once they have it? Read on to find out how and why a hacker would steal your social security number, and how to prevent this type of identity theft from happening.
Why would someone steal your social security number?
To get a true understanding of why it’s so important to make sure that your social security number never falls into the wrong hands, let’s start from the beginning. A social security number is a nine-digit number issued by the government to all U.S. citizens. These numbers were first issued in the 1930s to track accounts in the newly formed New Deal Social Security program and were never supposed to be used as a primary way of identifying oneself. But seeing as almost every American citizen holds a social security number, it has since become the de facto way of identifying people. It’s how the IRS keeps track of individuals. You also need one in order to obtain a passport, open any kind of financial service, get a driver’s license, or apply for insurance.
For the most part, the requesting parties will use your social security number as an easy way to ID their customers, not because they actually need it. Yet in practice, this means that all these businesses and organizations have people’s most sensitive data stored on their servers, even though in the vast majority of cases it’s totally unnecessary. Consequently, if any of these organizations or businesses get hacked, social security numbers are the very first thing hackers will go after.
How can someone steal your social security number?
A variety of data breaches can lead to the compromise of your social security number. For example, hackers and cybercriminals target businesses, government agencies, educational institutions, and healthcare providers to gain unauthorized access to their databases containing personal information, including social security numbers.
How do hackers get your social security number?
Additionally, there are some other common types of data breaches that could put your social security number at risk:
- Phishing attacks: Hackers can get your social security number through the use of phishing emails or messages, sent to trick individuals into providing their sensitive information, including social security numbers, by posing as legitimate organizations or individuals.
- Insider threats: Employees, contractors, or individuals with authorized access to databases may misuse their privileges to access and steal personal information, such as social security numbers.
- Lost or stolen devices: If a device containing personal information, such as laptops, smartphones, or external hard drives, is lost or stolen, it could lead to a data breach if the data is not properly encrypted or protected.
- Unsecured websites or databases: Insecurely designed or maintained websites and databases may expose sensitive data, including social security numbers, to unauthorized individuals.
- Malware and ransomware: Malicious software, or ‘malware’, can infiltrate computer systems and networks, allowing attackers to access and steal sensitive data, including social security numbers. Ransomware attacks can also lead to data breaches if sensitive information is exposed or encrypted.
- Third-party vendor breaches: Organizations often share sensitive data with third-party vendors. If one of these vendors experiences a data breach, it could compromise the data of their clients, including social security numbers.
- Social engineering: Attackers may use social engineering techniques to manipulate individuals into revealing their social security numbers or other sensitive information.
- Data leaks and misconfigurations: Misconfigured cloud storage, publicly accessible databases, or accidental data leaks can lead to the inadvertent exposure of sensitive information, including social security numbers.
- Physical breaches: Theft or unauthorized access to physical records, such as paper documents or files, containing personal information can also result in a data breach.
It's important to note that even with strong security measures, no system is entirely immune to data breaches. That's why it's crucial to be cautious about sharing your social security number and other personal information, and to monitor your accounts and credit reports regularly for any signs of suspicious activity. Additionally, being informed about data breaches and following best practices for online security can help reduce the risk of your social security number being compromised.
Can someone access my bank account with my social security number?
Unfortunately, the answer to this is ‘Yes’ - once a threat actor has your social security number, they can indeed open bank accounts in your name, or add names to your existing bank accounts so they can access said accounts and help themselves to the funds deposited there.
What can a person do with your social security number?
What if someone steals your social security number? What can they actually do with it? Once a hacker has your social, he or she can commit all kinds of identity fraud - it doesn’t stop at bank accounts. And unfortunately for the victim, sorting out identity theft is terribly complex. In some cases, the victim may spend the rest of his or her life dealing with the consequences.
What can hackers do with my social security number?
Below are just some of the things hackers can do once they have your social security number:
- Sell it on the dark web: Selling your data to another cyber criminal is one of the possibilities - there’s a huge market for consumer data on the dark web.
- Open credit cards in your name: To open almost any credit card account, all you need is an SSN, name, and address. After stealing your SSN, getting your name and address is a relative cinch. Together, these three pieces of information in the wrong hands are incredibly damaging.
- Get your tax return: You may be eagerly awaiting your tax return money, but as long as an attacker has your SSN name and birthdate, he or she can file a tax return in your name. Goodbye money, and more importantly, goodbye security and privacy.
- Take out loans in your name: Armed with your SSN and name, attackers can take out loans and never pay them back. This causes huge damage to your credit rating, ability to get insurance and can even prevent you from getting a job in the future.
- Use your health coverage: Imagine getting a statement for a medical procedure you know you’ve never had, and having to pay the bill. With just your SSN, a hacker can pose as you, receive medical treatment and stick you with the bill. As terrible as this is, messing with your medical can get much worse; if an attacker is treated in your name, his or her current medical issues will be added to your records, which could lead doctors to prescribe incorrect or unnecessary medications or procedures.
- Claim to be you if charged with a crime: Did you really think a hacker would ‘fess up if caught by the police? Nah, they’ll just pretend to be you instead. By giving your name over to the authorities, you have become a part of their web of crime and lies, which may keep you from getting lines of credit and jobs … and worse of all may land you in prison.
- Open utilities in your name: All it takes is an SSN and name to open accounts at certain utilities such as gas, electric and phone companies. Attackers may run up bills under your name and then you get stuck with the bill.
So if you were wondering ‘What can hackers do with my social security number’, you can see that unfortunately, the list is pretty long - further verifying the need to protect your social security number.
6 ways to protect your social security number
Now that we’ve established the dangers of SSN theft, it’s important to understand how to protect your social security number from falling into the wrong hands:
- Take your SSN card out of your wallet: Some people have the habit of carrying their social security card around, but this is a huge mistake. Take it out ASAP and put it someplace very secure, like a safe deposit box.
- Learn it by heart: Memorizing your social security number means you’ll never need to write it down unnecessarily.
- Don’t give your number out: As we mentioned, some companies ask for your SSN but that doesn’t mean you need to give it to them. Unless it’s your employer, bank, the IRS or some other government-backed agency who’s asking, you can and should decline to provide that information.
- Never put it in email or text: Even if you do need to give over your social to one of the parties listed above, make sure to NEVER put it in an email or text message. If your phone/email or the receiving party’s phone or email gets hacked, your social is toast.
- Shred documents: Another way attackers get your SSN is by fishing through your trash. There is a decent chance that your SSN or other identifying information may be listed somewhere on papers you’re throwing out. Don’t risk it and shred everything with an office-grade shredder.
- Monitor your credit card statements: Keep super close tabs on your bank and credit card statements. This will allow you to see if anyone has opened anything in your name before there is widespread damage.
What to do if your SSN is stolen
You may be worried that your SSN has already been compromised. If you believe you are a victim of identity theft, it's essential to take immediate action to protect yourself and minimize potential damage. Below is our list of tips for what to do when your SSN is stolen.
What to do when your SSN is stolen
- Contact the authorities: Report the suspected identity theft to your local law enforcement agency and file a police report. This documentation may be necessary when dealing with creditors, financial institutions, and government agencies.
- Notify the Federal Trade Commission (FTC): You can report the identity theft to the FTC online or by phone at 1-877-438-4338. The FTC can provide guidance on how to proceed and may offer resources to help you recover from identity theft.
- Contact credit bureaus: Reach out to the three major credit bureaus (Equifax, Experian, and TransUnion) and place a fraud alert on your credit reports. This will make it more difficult for an identity thief to open new accounts in your name. When you place a fraud alert with one bureau, they are required to notify the others.
- Review your credit reports: Obtain free copies of your credit reports from each of the three credit bureaus. Review them thoroughly to identify any unauthorized accounts or suspicious activity. You are entitled to a free credit report from each bureau once every 12 months through AnnualCreditReport.com.
- Close compromised accounts: If you identify any fraudulent accounts, contact the respective financial institution or creditor immediately. Explain the situation and have the accounts closed to prevent further misuse.
- Update passwords and PINs: Change the passwords and PINs for your online accounts, especially those linked to financial or personal information.
- Contact the Social Security Administration: Inform the Social Security Administration (SSA) about the identity theft. You can report it online at www.ssa.gov, or call their fraud hotline at 1-800-269-0271.
- Monitor your accounts: Keep a close eye on your bank accounts, credit cards, and other financial accounts for any suspicious transactions. Report any unauthorized activity to the respective institutions.
- Consider credit monitoring or identity theft protection services: These services can help you monitor your credit and provide alerts if there is any unusual activity.
- Stay vigilant: Remain vigilant in monitoring your financial accounts and credit reports for an extended period. Identity thieves may attempt to use your information again even after the initial incident.
Remember, identity theft can have serious consequences, so it's crucial to act quickly and decisively. By following these steps and working with the appropriate authorities, you can start the process of recovering your identity and protecting yourself from further harm. Ultimately, when it comes to protecting your social security number, the best move is to never give it out without thoroughly understanding to whom, and why, you’re giving it out. Keeping your social security number secure is a long-term prospect, but one that’s well worth the effort.
At ReasonLabs, we’ve developed cybersecurity features to help you quickly and proactively detect if any of your personal information has been compromised online. For example, our Online Security browser extension contains a Dark Web Monitoring feature enabling you to check if any of your email accounts have been subject to a data breach. For more information on identity theft, digital fraud and online security best practices, visit www.reasonlabs.com.