Was your Social Security number leaked to the dark web? Use this tool to find out

This article was first published on August 14, 2014. It was updated on August 18, 2014 to include information about the new Pentester tool.

You’ve probably never heard of National public datathe company that makes money by collecting and selling access to your personal data to credit card companies, employers and private investigators. Now it seems that the USDoD hacker group seized around 2.9 billion of its recordsChances are your records, including possibly your Social Security number (SSN), are in those databases.

Also: 7 password rules we must respect in 2024, according to security experts

The United States Department of Defense wanted sell this data for the modest price of $3.5 million. Ironically, before the US Department of Defense could profit from the theft, another threat actor, Fenice, stole the data and posted it on the dark web.

How serious is it really? According to the security organization Vx-UndergroundThe stolen data includes

• First name
• Last name
• ADDRESS
• Address history (three decades)
• Social Security Number

Vx-Underground It was also found that “the database does not contain information about individuals who use data opt-out services.” Sites or services that allow you to say no to a company or group that wishes to retain its records.

It’s good to know, but for many of you it’s probably a little late.

Also: Best VPN Services: Tested and Reviewed by Experts

The leaked data, totalling 277GB, can be used to commit identity theft and fraud. While the leak does not necessarily affect 2.9 billion people (because each person has multiple records), it does pose a significant risk. The information can be used to open fraudulent accounts, apply for loans or even commit tax fraud.

How to know if your Social Security number was leaked

There is A site that can tell you If your Social Security number was leaked from the personal security company Pentester, you will need to enter your first name, last name, year of birth, and which states you have lived in. If your Social Security number is there, the site will show you a box showing your address on record and the last two numbers of your Social Security number.

If you cannot find your records associated with your current state or name, try searching for previous states and/or other last names.

I tested this tool and found legitimate records listed.

Also: Get Rid of the Internet with These Online Data Deletion Services

As Richard Glaser, co-founder of Pentester, said, “Names, addresses, and phone numbers can change, but your social security number doesn’t.” Financial institutions use social security numbers to verify identity and comply with regulations when you apply for loans, credit cards, or investments. If you’re a U.S. citizen, it’s the key to your identity. That’s why it’s crucial to determine whether or not your social security number is available.

How to monitor your credit reports

If your Social Security number was leaked, check your credit reports (Experian, Equifax, and TransUnion) for any unauthorized activity (and do so regularly from now on!). Report any suspicious transactions to the credit bureaus, via their websites, and freeze credit to prevent new accounts from being opened in your name.

You can freeze your credit through credit companies, Equifax credit freeze, Experian Credit Freezeand TransUnion Credit FreezeSome financial companies, such as Credit Karmacan also help you freeze your credit.

Also: How to freeze your credit and how it can help protect you after a data breach

If you are concerned that your data is being used against you, it is time to use a Identity theft protection and credit monitoring service To protect yourself, ZDNET recommends Aura as the best overall service.

But it is not enough to use these services.

Beware of phishing attempts

You should also stay alert to phishing attacksBe wary of emails, texts, or calls that attempt to request personal information. Scammers will use your leaked data to create convincing phishing attacks. For example, I recently received an email purporting to be from my bank, which included my address, warning that my account had been hacked and that I needed to change my password from the included link. Right now.

Also: Stop paying for third-party antivirus software. Here’s why

Whenever you receive such a message, whether it is warning you of something terrible or promising you something that seems too good to be true, do not trust it. Never click on links in such emails or text messages.

What to do if you’ve clicked on a phishing link

If you have clicked on a phishing link, don’t panic. However, take the following steps immediately:

1. Disconnect from the Internet and your local network immediately. This prevents any potential malware from spreading or communicating with malicious servers.

2. Back up important data to an external hard drive or USB flash drive. This protects your information in case of data loss or corruption.

3. Run a Comprehensive antivirus scanDon’t have one on your device? Then you need to download an antivirus program on another computer, transfer its installer to a USB flash drive, and install it on the affected machine.

4. Change the passwords for all your online accounts, especially important ones like bank and credit card accounts. Use strong, unique passwords for each account, and consider using a Password manager.

5. Allow multi-factor authenticationEnable multi-factor authentication (MFA) on your accounts whenever possible. This adds an extra layer of security.

6. Keep an eye on your important online accounts. If you notice any suspicious activity, contact the company as soon as possible.

What to do if your SSN is compromised

If someone uses your SSN illegally or without your consent, you should take the following steps:

1. File a report with the Federal Trade Commission (FTC) at IdentityTheft.govThis website will guide you through the process and provide you with a personalized recovery plan.
2. File a report with your local police. While they may not be able to investigate immediately, having a police report can serve as important documentation.
3. Monitor your credit reports for unauthorized accounts or activity. You can get free weekly credit reports at Annual credit report.com.
4. As I mentioned earlier, you need to place a credit freeze on your credit reports with the three major credit bureaus: Equifax, Experian, and TransUnion. This prevents new accounts from being opened in your name. You can also place a fraud alert on your credit reports, which requires companies to verify your identity before issuing credit in your name.
5. Check your Social Security Statement for any suspicious activity, such as undeclared income.

Next, contact the Internal Revenue Service (IRS) to avoid potential tax-related fraud. Here’s what you should do:

1. Contact the IRS:You can contact the IRS Identity Protection Specialized Unit by calling 1-800-908-4490. This line is dedicated to helping people who believe they are victims of identity theft related to their tax accounts.
2. Filing an Identity Theft Affidavit: Complete IRS Form 14039the form used to report suspected identity theft to the IRS. You can submit it online through IdentityTheft.govwhich you will send to the IRS, or you can download the form from the IRS website and mail it with your tax return to the address specified on the form.
3. Respond to IRS notices: If you receive a notice from the IRS stating that your SSN has been used fraudulently, follow the instructions provided in the notice. These notices typically arrive by mail. You may then need to submit a Form 14039 or other documentation to verify your identity and resolve the issue.

It can be a long and tedious process, but if you don’t verify and, if necessary, protect your accounts, your identity can be stolen. Recovering from identity theft is much more painful than preventing it.

Also: Did you receive a fake invoice from McAfee? How the scam works and two things you should never do

Next, stay alert and continue to monitor your accounts and credit reports regularly. If you notice any suspicious activity, report it immediately to the relevant authorities and financial institutions. This is not a threat you can deal with once and then ignore. It is a threat that will continue for the rest of your life.

Yeah, I hate that too.