While a number of services can alert you if your personal data appears on the dark web, it’s up to you to take action to avoid becoming the victim of fraud or identity theft. Here’s what you need to do if your information falls in the wrong hands.
Chances are you’ve heard some of the creepy stories about the dark web – the secretive part of the internet that you need special software to access.
Because one can traverse the dark web in anonymity, it’s a haven for criminal activity, including the buying and selling of financial data. While a number of services can alert you if your personal data appears on the dark web, it’s up to you to take action to avoid becoming the victim of fraud or identity theft.
It’s almost impossible to completely avoid the dangers of the dark web, experts say. There were 1,244 data breaches in 2018, according to a report by the Identity Theft Resource Center.
“Given the prevalence of data breaches and other data compromises, the likelihood that your data is available on the dark web is probable,” says Eva Velasquez, CEO of the Identity Theft Resource Center.
Sales of information on the dark web can yield anywhere from $5 to $100-plus for credit card account info and more than $1,000 for passports and medical records, according to Experian. Here’s what you need to do if your information falls in the wrong hands.
Separating myth from fact
A number of companies have unveiled dark web monitoring services to alert you when your information shows up there.
For example, Experian offers IdentityWorks, a suite of free and premium services ranging from dark web surveillance to credit monitoring. Some credit card issuers, such as Discover, are adding dark web monitoring to their fraud protection services.
However, learning your information is on the dark web is just the first step. A Consumer Federation of America survey found 36 percent of people who saw dark web monitoring ads thought such services removed their information from the dark web. Another 37 percent thought such services could prevent their information on the dark web from being used. Neither of those beliefs is true.
“If your information is on the dark web, it’s already being sold and resold, most likely multiple times over,” says Brian Stack, vice president of Dark Web Intelligence at Experian. “Once it’s out there you’re not going to be able to stop the spread of it.”
Even if your information was stolen years ago, some cyberthieves repackage old breached data to sell again. But that doesn’t mean you’re helpless. You simply have to be smart.
Taking pre-emptive steps
The type of information found on the dark web plays a role in what steps you should take.
- If you find your credit card or bank account numbers on the dark web, let your card issuer or lender know so they can help you close the account and open a new one.
- If your driver’s license or passport is found, contact your Department of Motor Vehicles or the U.S. State Department, respectively.
- If your Social Security number is on the dark web, report it to the Social Security Administration and the Internal Revenue Service.
- If one of your passwords is on the dark web, change it on all of the accounts where you use it. As an added precaution, change the security questions on your accounts as well.
While some might think an email address showing up on the dark web isn’t a big deal, that’s not the case, says Henry Bagdasarian, founder of Identity Management Institute, an organization that promotes identity risk awareness.
With access to your email address, a hacker can not only get into your email account where sensitive information may be, but he or she can spoof your account so others think they’re receiving messages from you.
Many people use their email addresses as user identifications on some of their online accounts, Bagdasarian says. Contact your email provider if you notice spoofed emails coming from your address. Also, if your email address serves as your user ID for any online accounts, consider changing the user IDs or at least changing your passwords.
Keep an eye on your credit report and card accounts
There are other steps you should take regardless of the type of information found on the dark web.
- Automate credit report monitoring. If your information is posted somewhere on the dark web, it’s not enough to check your credit report annually. Consider buying some type of identity protection monitoring service such as LifeLock or Experian IdentityWorks so you can be alerted to changes to your credit report.
- Monitor your credit card accounts. Even if you’re monitoring your credit reports, you wouldn’t know if someone was accessing your current credit cards unless a payment was late, Bagdasarian points out. However, if you check your credit card bills regularly, you can identify charges you didn’t make as soon as they occur. If you know your information is on the dark web you may also want to have text alerts sent to you whenever your cards are used.
- Put a security freeze on your credit report. With that in place, a scammer can’t open a credit account in your name unless you lift the freeze.
If cyberthieves use your personal information to commit fraud, first contact any companies where the fraud took place.
They’ll freeze the accounts so no further damage can be done. Also, change all of your passwords and PINs used to access your accounts.
Report the incident to the Federal Trade Commission so they can track it and file a report with your local police department.
Your financial institutions may also provide other support if you’ve been victimized, says Laks Vasudevan, vice president at Discover.
“If a Discover cardmember who has signed up for our Social Security alerts is notified that their information has appeared on the dark web, we ask them to call us so we can provide them with what steps they need to take to inform the credit bureaus and reduce the risk of future fraudulent activity,” she said.