My SSN Was Leaked in a Data Breach. Here's What to Do Now (2026 US Guide)

Finding out your Social Security number was exposed in a data breach is alarming, but it is recoverable — if you act methodically rather than panicking. A leaked SSN does not mean fraud has happened yet; it means you should lock things down before it can. Here is exactly what to do, and what to skip.

What to do now

1. Freeze your credit at all three bureaus. This is the single most important step — it stops anyone opening new accounts with your SSN, it is free, and it doesn’t affect your score. See our step-by-step credit-freeze guide.
2. Get an IRS Identity Protection PIN (IP PIN). Any taxpayer can enroll at IRS.gov. It blocks a thief from filing a tax return in your name — the most common SSN-fraud payoff. (Do not file Form 14039 unless a fraudulent return has actually been filed or the IRS tells you to.)
3. Make a recovery plan at IdentityTheft.gov. The FTC’s IdentityTheft.gov builds a personalised checklist based on what was exposed, and — if misuse has occurred — generates your official FTC Identity Theft Report.
4. Monitor and consider a fraud alert. Check your free weekly reports at AnnualCreditReport.com for accounts you don’t recognise. A free one-year fraud alert (placed at one bureau, which notifies the others) adds a verification step at lenders.
5. If your SSN is being misused, report it. Contact the SSA Office of the Inspector General. Note the SSA rarely issues a new SSN — only in cases of ongoing, documented misuse you can’t otherwise resolve.

"My SSN is on the dark web" — what that means

Breach-monitoring alerts that your SSN is "on the dark web" simply mean it is circulating among criminals — common, and not something you can undo. Ignore any service that offers to "delete" it for a fee; that is not possible. The effective response is exactly the same as above: freeze your credit, get an IP PIN, and monitor. The freeze is what neutralises the value of a stolen SSN.

If actual fraud has already happened

If accounts have been opened or money taken, file your report and recovery plan at IdentityTheft.gov. Report financial cybercrime to the FBI at ic3.gov, and if a bank or credit bureau won’t fix a fraudulent account or dispute, file a CFPB complaint.

Frequently asked questions

My SSN was in a breach but nothing’s happened. Do I still need to act? Yes — freeze your credit and get an IP PIN now. These are free and prevent the fraud before it starts.

Should I file IRS Form 14039? Only if a fraudulent tax return has actually been filed in your name, or the IRS instructs you to. Proactively, get an IP PIN instead.

Can I get a new Social Security number? Almost never — the SSA issues a new number only for ongoing, documented misuse you can’t resolve. A freeze and an IP PIN protect you far more effectively.

Is monitoring my credit really free? Yes — weekly reports from all three bureaus at AnnualCreditReport.com, and the credit freeze itself, are free.

Hit by a scam or identity theft? See our United States reporting and recovery guide and our country-by-country guide to reporting cybercrime and recovering your money.

Sources

• FTC — IdentityTheft.gov data-breach help
• FTC — Credit Freezes and Fraud Alerts
• IRS — Get an Identity Protection PIN
• SSA — Can I change my Social Security number?
• SSA Office of the Inspector General — report fraud