What to do if your information is found on the dark web

April 23, 2021

In response to the UC Accellion Data Breach, many of you signed up for the Experian IndentityWorks credit monitoring service. As a result, you might have received notifications from Experian that your information (social security number, credit card numbers, email address, etc.) was found on the dark web. The dark web is where sites illegally sell consumer data and other black market goods - don’t go there

Your information could show up on the dark web for all sorts of reasons, many of them prior and unrelated to the Accellion breach. Experian provides information in each notification about the context of when your information was found, including a “Found On” date. 

Steps you can take

If your information is found on the dark web, here are recommended steps you can take:

  • Place a credit freeze with each credit bureaus (Equifax, Transunion, and Experian) to help protect unwanted people from opening credit in your name. 
  • Obtain free credit reports from annualcreditreport.com. Check for any accounts or charges you don’t recognize. Continue to check your reports annually. Be sure to obtain all three of your credit reports. If you experience identity theft, you can use these credit reports as part of the process of restoring your credit.
  • Social security number (SSN)
    • According to the Federal Trade Commission (FTC) IdentityTheft.gov website, there are precautions you should take when your SSN has been involved in a data breach.
    • Create a mySocial Security account with the Social Security Administration. You are doing this to claim your Social Security number and ward off anyone else from creating an account in your name. Review your earnings on your Social Security Statement to ensure your information is correct. Note: if you have a freeze implemented on your credit, you need to lift it before creating a new mySocial Security account.
    • Report SSN fraud to the Social Security Administration
    • Tips to protect your SSN (PDF)
  • Account password: change your password on all of the accounts using that password. As an added precaution, change the security questions on your accounts as well. Consider using a password manager service
  • Credit card or bank account: Contact your credit card issuer or lender so they can help you close the account and open a new one and set up fraud alerts. 
  • Driver’s license: Contact your state’s Department of Motor Vehicles office to report your number stolen/compromised. 
  • Passport: Contact the U.S. Department of State, Bureau of Consular Affairs fraud department
  • Consider adding 2-factor authentication or MFA to your personal accounts to help prevent account take-over attacks.

For more information on how to protect your identity and data, visit the How to Protect Your Data website Traducción al Español