Your complete guide to protecting your Social Security number

It is the key that unlocks new credit accounts, tax filings, government benefits, employment records, and medical billing. But if it falls into the wrong hands, the consequences can follow you for years. 

According to the Identity Theft Resource Center, there were 1,857 data breaches in 2024 that included Americans' Social Security numbers, and research shows that having your SSN widely traded among criminals dramatically increases the probability of becoming an identity theft target.¹

The challenge is that most people have limited control over every place their SSN is stored.

Employers, healthcare providers, financial institutions, government agencies, and consumer reporting agencies all hold copies of it. When any one of them is breached, your number can surface in dark web markets and remain in circulation for years.

You may not be able to stop every threat, but you can control your exposure, actively monitor for misuse, and respond fast when it counts. This guide walks you through every meaningful step, from protecting your Social Security number to understanding what happens when it is compromised, and minimizing damage if it is.

Why your Social Security number is so valuable to criminals

Unlike a credit card number, which can be canceled and reissued within days, a Social Security number is permanent.

The Social Security Administration does not routinely issue new numbers, even for confirmed victims of identity theft, except in very limited circumstances. That permanence is precisely what makes an SSN so useful to fraudsters: once they have it, they can attempt to use it indefinitely.

With your Social Security number, a criminal can:

• Open new credit accounts and loans in your name 
• File a fraudulent tax return to claim your refund 
• Apply for government benefits, including unemployment and Social Security payments 
• Pass employment background checks under your identity 
• Obtain medical care billed to your insurance
• Construct a synthetic identity by pairing your SSN with fabricated personal details 

Research published by SentiLink found that when an individual's SSN is widely available among criminals, the likelihood of being targeted for identity fraud increases dramatically compared to people whose SSNs have not been exposed.¹

The downstream effects of SSN theft are not limited to the original victim. Once a thief establishes a foothold with your identity, they may target people connected to you, including family members, children, or associates.

How Social Security numbers get exposed

Understanding how SSNs are compromised is the first step toward limiting your exposure. The most common sources include:

• Large-scale breaches at companies, healthcare networks, government agencies, and data brokers expose SSNs alongside names, addresses, and dates of birth. The 2024 National Public Data breach reportedly involved records tied to hundreds of millions of individuals, including SSNs.

• Fraudulent emails, texts, and phone calls trick people into providing their SSN directly. Scammers posing as IRS representatives, Social Security Administration officials, or bank employees are among the most common vectors.

• Tax documents, Social Security benefit statements, Medicare cards, and pre-approved credit offers sent through the mail all contain or can be used to deduce your SSN.

• Wallets, purses, and unsecured files containing Social Security cards, tax returns, or benefit letters are common targets.

• Employees at healthcare providers, financial institutions, or government agencies occasionally misuse their access to customer records.

• SSNs exposed in prior breaches are bought and sold in dark web markets, often years after the original breach, meaning your number may be in circulation without your knowledge.

How to protect your Social Security number

1. Do not carry your Social Security card

The Social Security Administration's own guidance is clear: do not routinely carry your Social Security card. 

Keep it in a secure location at home, such as a locked file cabinet or a fireproof safe, and take it out only when you genuinely need to present the physical card, which is rare in most adults' daily lives.

Your wallet or purse is vulnerable to theft, loss, and opportunistic access. If your Social Security card is in it, a single incident hands a thief the most sensitive piece of identifying information you possess, along with whatever other documents and cards you carry. Memorize your SSN rather than keeping any written record of it in your wallet.

2. Limit who you give your SSN to

Many institutions ask for your Social Security number as a matter of routine, but not all of them legally require it. Before providing your SSN, ask why it is needed, how it will be stored, and who will have access to it. 

Legitimate scenarios where your SSN is genuinely required include new employment paperwork, opening a financial account, applying for credit, certain tax filings, and government benefit applications. The Social Security Administration recommends asking questions before handing over your number and refusing when the need is not clear.

Businesses such as landlords, utilities, and medical offices often request SSNs but may accept alternative forms of identification. If you are asked for your SSN in a context that feels unnecessary, it is reasonable to ask whether the organization can proceed without it or with only the last four digits. A refusal to explain why it is needed, or pressure to provide it quickly without time to think, is a warning sign.

3. Never provide your SSN in response to unsolicited contact

If you receive an unexpected call from someone claiming to represent a government agency and requesting your SSN, hang up. If you receive an email with a link asking you to verify your SSN, do not click it.

These are phishing and vishing schemes. They may use caller ID spoofing to make the call appear to come from a legitimate number, reference partial information about you to seem credible, and create urgency by claiming your benefits will be suspended or that a warrant has been issued. Legitimate institutions will communicate through official channels, either by mail or by asking you to call a verified number you look up yourself.

4. Protect physical documents containing your SSN

Tax returns, W-2 forms, Social Security benefit letters, Medicare cards, and employment paperwork all contain your SSN or enough adjacent information to make it derivable. Treat these documents the same way you would treat cash.

Store sensitive documents in a locked, fireproof location. When disposing of them, use a cross-cut shredder rather than a standard strip-cut shredder, since strip-cut documents can be reassembled. Do not discard tax documents or benefit letters in household recycling without shredding them first. If you use a mail service, collect your mail promptly, particularly during tax season when W-2s, 1099s, and refund notices are in transit.

5. Secure your online accounts and digital files

Digital copies of tax returns, scanned documents, and files containing personally identifiable information stored on personal devices or cloud services are potential targets.

Use strong, unique passwords for the accounts and services that hold sensitive files. Enable multi-factor authentication (MFA) wherever it is available, particularly for email, since email is frequently the recovery mechanism for other accounts, and a compromised email account can cascade quickly.

Be cautious about submitting your SSN through online forms. Before entering sensitive information on any website, verify that the URL begins with https and that the domain is correct, as phishing sites often use domain names that closely mimic legitimate ones. Avoid using public Wi-Fi for any activity that involves entering your SSN or accessing accounts linked to your financial identity.

6. Set up an IRS Identity Protection PIN

Tax-related identity theft occurs when someone files a fraudulent return using your SSN before you do.

Because the IRS processes returns in the order received, a fraudulent return filed before yours can delay your legitimate refund and trigger a lengthy resolution process.

The IRS offers a free Identity Protection PIN (IP PIN) program: a six-digit code that must be included on any federal tax return filed under your SSN. Without it, a return cannot be processed, even if the filer has your SSN, name, and date of birth.

Any taxpayer can enroll in the IP PIN program regardless of whether they have previously been a victim of tax fraud. The PIN changes each year and is available through the IRS's online portal. It is one of the most direct, accessible defenses against one of the most disruptive forms of SSN misuse, and it remains significantly underutilized.

7. Create a “My Social Security” account

The Social Security Administration's online portal allows you to review your earnings record, check projected benefit estimates, and monitor your account for activity you do not recognize. Creating an account before a potential thief can do so in your name is a meaningful defensive step. If your SSN is misused to report fraudulent earnings, the discrepancy may appear in your earnings record before it manifests in other ways.

Sign in to your My Social Security account periodically and review your recorded earnings. If the earnings reported do not match your actual income, it may indicate that someone has used your SSN for employment fraud, reporting wages under your SSN at a company you have never worked for. This type of fraud can affect your tax liability and benefit eligibility if left uncorrected.

8. Freeze your credit

A credit freeze prevents lenders from accessing your credit report to open new accounts in your name.

It is the single most effective tool for blocking new account fraud, which is one of the primary uses of stolen SSNs. Freezes are free, do not affect your credit score, and can be placed and lifted at any time through each of the three major credit bureaus: Equifax, Experian, and TransUnion.

If your SSN has been exposed in a breach or you have reason to believe it is in circulation, placing a freeze at all three bureaus immediately closes the most common avenue for misuse. You can temporarily lift the freeze if you need to apply for credit and then reinstate it when the application is complete. 

9. Monitor your credit reports regularly

Reviewing your credit reports regularly lets you catch unauthorized accounts, hard inquiries, or address changes that may indicate someone has used your SSN. Free reports from all three bureaus are available through AnnualCreditReport.com. Spacing out requests, one bureau every four months, provides more consistent coverage than pulling all three at once.

Look for accounts you did not open, employers you have not worked for, addresses you have not lived at, and hard inquiries from lenders you have not contacted. Each of these can indicate SSN misuse. The sooner you identify and dispute fraudulent entries, the less damage they cause to your credit history and financial standing.

10. Use dark web monitoring

Dark web monitoring tools scan known breach databases and underground markets for your personal information, including your SSN, email addresses, phone number, and financial account data.

An alert that your SSN has appeared in a breach database does not necessarily mean active fraud has occurred, but it does mean your number is in circulation and warrants immediate protective steps—including knowing which institutions to contact first and how to prioritize your response. A detailed action plan can help you move through those steps with confidence.

The longer fraud goes undetected, the harder it is to contain. Without dark web monitoring, most people only learn their SSN has been compromised when a creditor calls, a tax return bounces back, or a mystery account appears on their credit report (often long after the fact). Monitoring may not prevent exposure, but it does give you something just as valuable: time to respond.

11. Be cautious about oversharing personal information

Criminals build identity profiles by aggregating publicly available information alongside stolen data. The more context they have, including your full name, birthdate, home address, employer, and family members' names, the more convincingly they can impersonate you when attempting to access accounts or answer security questions.

Review your social media privacy settings and limit who can see personal details. Avoid listing your full birthdate publicly, since it is one of the standard identity verification elements used alongside an SSN. Be thoughtful about what information you include in public bios, online directories, and forum profiles.

12. Sign up for SSN monitoring through an identity protection service

Many identity protection services offer specific Social Security number monitoring: alerts if your SSN is used to apply for credit, open accounts, file a tax return, or appear in government benefit records. This kind of monitoring goes beyond what credit reports capture, since some forms of SSN misuse, including medical identity theft, employment fraud, and government benefits fraud, may not immediately appear on a standard credit report.

Look for services that offer real-time alerts rather than periodic summaries, and that cover credit monitoring, dark web scanning, and SSN-specific monitoring as a combined package. The combination of proactive freezes, active monitoring, and real-time alerts provides the most comprehensive defense against the range of ways a stolen SSN can be misused.

Warning signs that your SSN may have been compromised

Many victims discover SSN misuse only after the damage has compounded. The most common early warning signs include:

• A tax return filed in your name that the IRS says has already been received
• Unexplained accounts or hard inquiries on your credit report
• Collection notices or bills for debts you do not recognize
• Notices from employers you have never worked for appear in your Social Security earnings record
• Medical bills for care you never received
• Denial of government benefits because records show you are already receiving them
• A data breach notification from a company that held your SSN
• Dark web monitoring alerts indicating your SSN has been found in a breach database

Any of these signals should prompt immediate action.

Do not assume a discrepancy is an administrative error without investigating, as the consequences of delayed response compound over time.

What to do if your Social Security number is stolen

If you have reason to believe your SSN has been compromised or actively misused, act quickly across all relevant channels simultaneously.

1. Freeze your credit at Equifax, Experian, and TransUnion. Do this first, before anything else, to close the most commonly exploited avenue for SSN misuse.
2. Place a fraud alert at one of the three credit bureaus. That bureau is required to notify the others. A fraud alert prompts lenders to take additional verification steps before opening accounts in your name.
3. File a report with the FTC at IdentityTheft.gov. The FTC generates a personalized recovery plan and an official report you can use when disputing fraudulent accounts with creditors and bureaus.
4. Enroll in the IRS IP PIN program to prevent someone from filing a fraudulent tax return in your name in future filing seasons.
5. Create or review your My Social Security account to check your earnings record for fraudulent employment entries and to lock your account against unauthorized changes.
6. Contact any institution where fraud has occurred and follow their dispute process. Keep written records of every communication, including dates, names, and reference numbers.
7. Consider filing a report with your local police department if a financial institution requires an official police report as part of their fraud dispute process.

Can you get a new Social Security number?

The Social Security Administration will assign a new SSN in very limited circumstances: when someone is experiencing ongoing harm from SSN misuse and has exhausted other remedies, when continued use of the current number poses a documented safety concern, or in cases of severe harassment. It is not a routine remedy for identity theft, and obtaining a new number does not erase the credit history or records associated with the original one.

In practice, most SSN fraud victims are better served by the protective measures described in this guide, including credit freezes, fraud alerts, IRS IP PINs, and active monitoring, than by seeking a new number. The process is lengthy, and a new SSN begins with no credit history, which can create new complications.

Why SSN protection is worth the investment

Your Social Security number will follow you for the rest of your life. It cannot be canceled, reissued on demand, or replaced without significant friction. That permanence is what makes it so valuable (and what makes protecting it worth taking seriously).

Many identity theft victims had no idea anything was wrong until the damage was already done. That gap between when fraud begins and when it’s discovered is where the real harm happens. Taking the time to invest in your personal protection is the best thing you can do to prevent long-term financial harm.

OmniWatch keeps watch so you don’t have to: dark web monitoring, scam protection, credit monitoring, and identity theft insurance all in one place.

Frequently asked questions

1 NBC News, Social Security number leaked? Chances are, a criminal is already trying to use it, 2025

2 American Association of Retired Persons, Identity Fraud and Scams Cost Americans $47 Billion in 2024, 2025