Several weeks ago I received an alert from my online fraud service that my social security number had been found on the dark web. While I’ve always assumed some of my private information was available online, this was the first time I had confirmation that information of any significance had been leaked. The root cause was of course the now infamous National Public Data breach, which exposed the private information for hundreds of millions of people. If you are wondering if your information was made available in this breach, you can proactively check at NPDBreach.com.

So what should you do if your data, like mine, was part of this breach? Here are the actions I took:

1. Freeze Your Credit

When you apply for any form of credit - e.g. a mortgage, a bank loan or a credit card - the financial institution will check your credit with one or more of the three credit agencies. Credit agencies aggregate your current and past financial history in order to compute your credit score and risk for vendors. They are not, however, responsible for verifying that the financial institution requesting the check is providing credit to the real you. While you can’t stop a criminal from applying to a financial institution under your name, you can prevent the credit check from being successful. To do this, set up accounts with each of the three major credit agencies - Equifax, TransUnion, Experian - and freeze your credit. While this service is free, these companies will often try to upsell you to chargeable services with similar names (e.g. a lock).

If in the future you do apply for credit, you can ask the financial institution which agencies they use, and unfreeze your credit for the time frame they require for the check.

2. Request Your Free Credit Report

After you have frozen your credit, make sure no one has already committed identity theft under your name. To do this, go to AnnualCreditReport.com, where you will be walked through a step-by-step process to retrieve your credit report from each of the three vendors. Based on federal law, all consumers have a right to do this for free once a year.

3. Setup An Account With the IRS

It has become increasingly common for criminals to use the personal information they obtain from the dark web to file false tax returns in someone else’s name. They simply supply all your information with fake financials and request that the IRS to send the tax return to a bank account under their control. It often takes victims years to recover funds from the US government. The good news is this can be easily prevented by setting up an online account with the IRS and enrolling in their PIN code program. This program issues you an annual six digit code that must be provided with your tax return in order for it to be authenticated.

Note: Please make sure you use some form of multi-factor authentication to secure this account (ideally using an authenticator app).

While you may be decades from retirement, you still run the risk of someone claiming your account with the Social Security Administration in order to divert your benefits. The best way to prevent this is to claim your account. The SSA uses ID.me, which will require taking a photo to match against uploaded identification (best set up using a smartphone with a camera).

5. It’s Time to Use a Password Manager

Do you have a complex and unique password for every app / website? If the answer is no, it’s long past time for you to graduate to using a password manager. You can use a more feature-rich commercial solution like 1Password, or just use a basic free one such as the Apple Password app (new with iOS 18). But a failure to invest in a password manager is about as negligent in 2024 as leaving your front door unlocked when you go on vacation.

6. Make Sure All Critical Accounts Are Enabled With MFA

If you have accounts that have access to any important assets or information - e.g. bank accounts, investments, credit cards - it is essential you enable them with multi-factor authentication (MFA). Where possible you should choose to use an authentication app instead of texting a code to your phone for the maximum possible security. For additional detail, see my earlier this year on this topic.

Last Thoughts

While a determined criminal will almost always find a way to exploit a vulnerability in your financial life, you don't have to make it easy for them. By following a few basic security measures like the above, you can reduce the likelihood you are the next victim of identity theft. The recent NPD breach is as good a reason as any to get started on better securing your online life.