This breach is a bad one: Criminals with access to your Social Security number can do far more damage than those with a hacked credit card number.
Hackers have done it again. This time, they went after Sony Pictures Entertainment, exposing Social Security numbers, contracts and taxpayer-identification numbers for 47,000 employees. That total includes some big names, including Sylvester Stallone and Judd Apatow. Even worse, the hackers have posted the information online. Guardians of Peace, a group thought to be affiliated with North Korea, has claimed responsibility for the hack.
This monumental hack is much worse than the average data breach. If your debit card number is compromised—think of Target’s data breach—the worst thing that happens is, after some headache, you get your money refunded and a new card. But if your Social Security number is compromised, identity thieves can wreak havoc on your life.
With a Social Security number, fraudsters can apply for credit cards, mortgages and other lines of credit in your name, racking up debt on your tab. That can ruin your credit, making it difficult for you to get a new credit card, mortgage, or even a job. Identity thieves can also file fraudulent tax returns in your name, robbing you of your return and causing chaos at the IRS.
Scared yet? If your Social Security number is ever compromised in a data breach, here’s what you should know about your options.
You probably can’t get a replacement Social Security number
You might wish you could just get a new Social Security number. Don’t bother, says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse. First, it wouldn’t be effective: Government agencies, credit bureaus and businesses will still associate you with your old, compromised number. Meanwhile, you’ll need to rebuild your credit history from scratch, which will make it harder to get your finances in order.
Plus, the Social Security Administration rarely issues replacement numbers after data breaches, Stephens says. If it did, half the country might be eligible.
“I’m not aware of any situation where someone has gotten a new Social Security number because of identity theft,” Stephens says. “That is very difficult to do, and consumer advocates advise against doing so. It further complicates things for you, and the act of getting a new Social Security number is not really going to impact the ability of a criminal to use your old Social Security number.”
If you want to try anyway, gather documentation to prove your citizenship (with a birth certificate or passport), your age (with a birth certificate, religious record, hospital record or passport) and your identity (with a drivers’ license, state-issued ID, or passport).
The SSA says you need to “provide evidence you are having ongoing problems because of the misuse” to be considered for a new number. So if your Social Security number has been exposed but you’re not yet a victim of fraud, don’t waste your time.
“You cannot get a new SSN to avoid the consequences of filing for bankruptcy, to avoid the law or your legal responsibility, or if there is no evidence that someone is using your number,” SSA spokesman William “BJ” Jarrett said in an email. Jarrett advises that if you believe someone is fraudulently using your Social Security number, you should first file a police report and contact the Federal Trade Commission (877-438-4338). “If you have done all you can to fix the problems resulting from misuse of an SSN and someone is still using it, Social Security may be able to assign a new number.”
The Federal Trade Commission also warns that there are companies that offer to help you apply — for a fee, naturally. But you don’t need their help and you shouldn’t have to pay any money; the application for a replacement Social Security number is free.
You can put a fraud alert on your credit report
This one is easy—and you can do it even if your information hasn’t already been exposed. A fraud alert tells creditors to double-check whenever someone applies for credit in your name. For example, when a credit card issuer receives an application for a new card, a fraud alert tells the company to contact you and make sure you’re really the one who submitted the application.
You can monitor your credit reports
However, you shouldn’t stop there. Under the law, you’re entitled to a free credit report from each of the three credit bureaus every year. Check it.
“If you opt for just the fraud alert, you need to be aware that fraud alerts are not infallible,” Stephens says. “We would recommend that you continually regularly examine your credit reports. Get them every few months and make sure that there’s nothing on there that’s fraudulent.”
You can also sign up for credit monitoring—just don’t pay for it. After a data breach, it’s become the norm for companies to offer free credit monitoring to victims, Stephens says. He also recommends free monitoring from Credit Karma and Credit Sesame.
You can put a security freeze on your credit report
This is the most foolproof thing you can do, but there are downsides. A freeze means no one can pull your credit report—so no one can apply for new lines of credit in your name, not even you.
Identity theft victims can get a freeze for free, but others have to pay. Prices vary by state. It can cost up to $30 to institute a freeze and $12 to lift. You have to “lift” the freeze every time you apply for credit, so that the creditor can check your report.
In other words, there could be a $12 surcharge every time you apply for a credit card, mortgage, or even a job or apartment. For that reason, credit freezes aren’t always a practical solution, especially not for young people who move around a lot.