MyIDCare alerts - SSN on "Dark Web." Anything to do?
MyIDCare alerts - SSN on "Dark Web." Anything to do?
Today I received 9 email alerts from MyIDCare informing me that my Social Security Number was found on the dark web. (I have a MyIDCare account through my employer (the federal government), based on a past data breach.) The emails say, “While this information doesn't necessarily mean you are a victim of identity theft, you may be at risk.” I visited the MyIDCare website, which seems to indicate that my name, address, DOB, and phone number have been “found compromised with your Social Security number.”
The MyIDCare website says:
Here's what to do:
Your Social Security Number can be used to open lines of credit so you'll want to keep an eye on your credit information. Firstly, watch closely for any credit alerts from us. Secondly, we recommend you pull an updated credit report from at least one of the three credit bureaus at www.annualcreditreport.com. This can be done for free once a year from each of the bureaus. If you find an error on your credit report or an account that you do not recognize, we recommend you contact the credit bureau and file a dispute against the error or account in error.
If you suspect your Social Security number is being used fraudulently for income declaration purposes, you should contact the Social Security Administration at www.ssa.gov or call toll-free at 1-800-772-1213. They will review your earnings with you to ensure their records are correct.
I just reviewed two of my credit reports and everything looks fine. I have long had credit freezes on file with the big 3 credit bureaus (and some smaller ones).
Would you recommend any other action on my part? Thank you.
The MyIDCare website says:
Here's what to do:
Your Social Security Number can be used to open lines of credit so you'll want to keep an eye on your credit information. Firstly, watch closely for any credit alerts from us. Secondly, we recommend you pull an updated credit report from at least one of the three credit bureaus at www.annualcreditreport.com. This can be done for free once a year from each of the bureaus. If you find an error on your credit report or an account that you do not recognize, we recommend you contact the credit bureau and file a dispute against the error or account in error.
If you suspect your Social Security number is being used fraudulently for income declaration purposes, you should contact the Social Security Administration at www.ssa.gov or call toll-free at 1-800-772-1213. They will review your earnings with you to ensure their records are correct.
I just reviewed two of my credit reports and everything looks fine. I have long had credit freezes on file with the big 3 credit bureaus (and some smaller ones).
Would you recommend any other action on my part? Thank you.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Freeze your Chex Systems report so bad actors can't open bank accounts in your name to finance their nefarious activities.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I just started a thread about the same, except my message came from Experian.
[url]/viewtopic.php?t=436535&sid=9195bfff1e43 ... 46da9ce3f9 [url]
[url]/viewtopic.php?t=436535&sid=9195bfff1e43 ... 46da9ce3f9 [url]
Regards |
Bob
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I’ve never heard of this Chex system, can someone clue me in? Thanks
Regards |
Bob
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
The real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Remember "not for identification" printed on the cards? Sigh.mouth wrote: ↑Wed Jul 31, 2024 3:49 pmThe real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
ChexSystems has a consumer file for your bank deposit and debit history. A negative report can result in being denied a new bank account. Also, you can freeze your file so, mostly, no one can open an account in your name. Mostly, because not all banks pay for the ChexSystems service.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Yup! In the context they were using it at the time (and even now) is that the card itself is not for identification which we would now call authentication before it was a term of art in the modern/digital world. Or putting it in the phrasing of the day, the SS card is "not for identification [of the person presenting the card]". But the number is 100% an identifier of *A* personexodusNH wrote: ↑Wed Jul 31, 2024 4:15 pmRemember "not for identification" printed on the cards? Sigh.mouth wrote: ↑Wed Jul 31, 2024 3:49 pmThe real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Make sure you have a PIN set up with the IRS to file returns.
-
- Posts: 14
- Joined: Sun Apr 30, 2017 5:54 pm
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
It looks like there are many banks that do not use ChexSystem.
Google search shows many results
e.g
https://www.gobankingrates.com/banking/ ... exsystems/
Google search shows many results
e.g
https://www.gobankingrates.com/banking/ ... exsystems/
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
ThanksDuckie wrote: ↑Wed Jul 31, 2024 4:28 pmChexSystems has a consumer file for your bank deposit and debit history. A negative report can result in being denied a new bank account. Also, you can freeze your file so, mostly, no one can open an account in your name. Mostly, because not all banks pay for the ChexSystems service.
Regards |
Bob
-
- Posts: 525
- Joined: Tue Mar 22, 2022 7:18 pm
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
It's not even a felony for someone to use your SSN.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
My SSN is also on the dark web. I don't worry about it and just keep credit alerts set up. A single AT&T breech in April leaked 73 million SSNs. Everything is out there.
- ResearchMed
- Posts: 17324
- Joined: Fri Dec 26, 2008 10:25 pm
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
For this type of "warnning" aka "offer", we ignore it.
We assume that a lot of our information is already "out there", and probably has been for some time.
We just keep passwords safe, meaning not shared for different accounts, and changed occasionally, etc.
RM
This signature is a placebo. You are in the control group.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I got the same thing, also through the system set up by the feds after all the employee info got hacked. There's really not much we can do... I assume if you're in the same boat I am, you already have your credit frozen. I was impressed at how fast they found that info though - I found an article that said the breach had just happened within the last few days. I wish we lived in a world with any amount of privacy, but we don't, so I think the best we can do is keep everything frozen and hope for the best.
One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
What data opt out service(s) do you use?funyun wrote: ↑Wed Jul 31, 2024 8:06 pm I got the same thing, also through the system set up by the feds after all the employee info got hacked. There's really not much we can do... I assume if you're in the same boat I am, you already have your credit frozen. I was impressed at how fast they found that info though - I found an article that said the breach had just happened within the last few days. I wish we lived in a world with any amount of privacy, but we don't, so I think the best we can do is keep everything frozen and hope for the best.
One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
-
- Posts: 875
- Joined: Sun Jun 05, 2022 5:26 am
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I don't use a particular data opt-out service, but a couple of years back, we went on a privacy seeking bender and we submitted requests to every company we deal with to not share our info and to opt out of anything we could with them. It was an onerous process for sure. We also live in California which has data privacy rules, so we went to every website we had logins for and submitted privacy and/or deletion requests. Now when I'm surfing the web, I pay attention to those pesky pop-ups that ask if you want to opt in or out and always opt out (I don't know if people see those popups in states outside of CA?). Anyway, it takes a bit of work and ongoing dedication but it was clearly worth it. I don't know if there are companies out there whoh can do this for you.jaMichael wrote: ↑Wed Jul 31, 2024 11:12 pmWhat data opt out service(s) do you use?funyun wrote: ↑Wed Jul 31, 2024 8:06 pm I got the same thing, also through the system set up by the feds after all the employee info got hacked. There's really not much we can do... I assume if you're in the same boat I am, you already have your credit frozen. I was impressed at how fast they found that info though - I found an article that said the breach had just happened within the last few days. I wish we lived in a world with any amount of privacy, but we don't, so I think the best we can do is keep everything frozen and hope for the best.
One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I take solace in the fact that everyone's SSN is already on the dark web... I used to care, but have now received so many of these letters and notifications that I've grown numb to it. I just freeze my credit everywhere, and don't even bother to sign up for free credit monitoring from all the "offers" after a leak since that's just another avenue for someone to lose my info.
-
- Posts: 942
- Joined: Thu Jan 02, 2020 2:47 pm
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
It wasn't that long ago most states used the SSN as your drivers license number. I believe it was mine when I got my school permit in 1999. Looks like Iowa banned that in 2005. When looking up that date I saw a link to Social Security about a report to congress on enhancing the Social Security Card https://www.ssa.gov/history/reports/ssnreportc6.htmlmouth wrote: ↑Wed Jul 31, 2024 3:49 pmThe real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds
Looks like as recently as 1996 they were planning to force states to include it on drivers licenses by 2000Use of the SSN in State drivers license systems is already authorized by Federal law, and 29 States currently use the SSN as the drivers license number or show it on the license. The 1996 immigration reform provision on improved identification-related documents requires the SSN to be included on State drivers licenses by the year 2000. Thus, the drivers license and Social Security card can both be used to verify the SSN.
-
- Posts: 857
- Joined: Mon Jun 05, 2017 10:01 am
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
OP: I suggest you also create a login acccount at ssa.gov. Starting recently, this has to be done through id.me or login.gov. Regardless of which service you use, register to access your social security account before someone else does. There are other benefits to doing so, such as seeing an estimate of your projected benefits and to review your earnings history.
If you already have an ssa.gov account, login to it, check that your earnings record is as expected, and double-check that your email address is correct.
If you already have an ssa.gov account, login to it, check that your earnings record is as expected, and double-check that your email address is correct.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Thanks for all of these helpful responses. I have done pretty much everything recommended, and I found the additional suggestions on this reddit page very helpful.zero_coupon wrote: ↑Thu Aug 01, 2024 5:53 amThis guide seems pretty good:
https://www.reddit.com/r/IdentityTheft/ ... eports_is/
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Well I went through one of the lists mentioned above, did maybe 90% of it today, about 3 hrs.
I already had freezes on the big 3 for myself, my wife had accts on all 3, 2 frozen, 1 locked. The hassle was finding the right usernames and passwords, these were setup many years ago and records were incomplete. Had to call and work through customer support, which isn’t fun. Same issue with ChexSystems, seems we made accounts and froze those in 2007, no record of those of course. Some of these sites do a good job of trying to talk you into buying services you don’t need.
I know a lot of older folks that are not very tech savvy, I don’t think they could handle this.
Now I just need to keep track of all this.
Thanks all for the info.
I already had freezes on the big 3 for myself, my wife had accts on all 3, 2 frozen, 1 locked. The hassle was finding the right usernames and passwords, these were setup many years ago and records were incomplete. Had to call and work through customer support, which isn’t fun. Same issue with ChexSystems, seems we made accounts and froze those in 2007, no record of those of course. Some of these sites do a good job of trying to talk you into buying services you don’t need.
I know a lot of older folks that are not very tech savvy, I don’t think they could handle this.
Now I just need to keep track of all this.
Thanks all for the info.
Regards |
Bob
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
But see that's the thing, there's no real reason NOT to have SSN on a DL. Heck tattoo it on your forehead! Simply knowing someone's SSN should get you nothing more than a nod and "yup that's someone's number, now prove it's you".Onlineid3089 wrote: ↑Thu Aug 01, 2024 3:12 pmIt wasn't that long ago most states used the SSN as your drivers license number. I believe it was mine when I got my school permit in 1999. Looks like Iowa banned that in 2005. When looking up that date I saw a link to Social Security about a report to congress on enhancing the Social Security Card https://www.ssa.gov/history/reports/ssnreportc6.htmlmouth wrote: ↑Wed Jul 31, 2024 3:49 pmThe real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at cloudsLooks like as recently as 1996 they were planning to force states to include it on drivers licenses by 2000Use of the SSN in State drivers license systems is already authorized by Federal law, and 29 States currently use the SSN as the drivers license number or show it on the license. The 1996 immigration reform provision on improved identification-related documents requires the SSN to be included on State drivers licenses by the year 2000. Thus, the drivers license and Social Security card can both be used to verify the SSN.
If you have a photo ID like a DL with an SSN on it, and your system for securing that ID gives you confidence that the ID is legit, then that really IS some level of proof of identification (aka authentication) and the SSN that goes with that face. The difference is between "knowing a string of numbers" without proof they are your numbers, and "having a trusted document" that proves, to some level of confidence, you are the person you say you are. The only debate at that point is how good your document is at positively identifying the person presenting it. We already know the physical SSN card is trash, but Secure-ID is supposed to be better as are passports, the two most trusted documents in the US (right wrong or indifferent).
Of course a secure ID card like a DL only helps with in-person fraud. It doesn't help with online / phone fraud. It can be one of multiple means (aka presenting a scan of the ID) but on-line authentication better require more than a picture of an ID that is very easy to fake if the authenticator isn't able to get their hands on it. Again, right wrong or indifferent, that's where ID.me and Login.gov are trying to bridge that gap in the chain of trust online along with use of MFA / tokens
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I had the exact same experience. All of my personal background details were stolen. I am aware that there were over 30 network audits , both internal and external and all of them cautioned about cautioned about the high risk of data-warehousing with Internet access. They didin’t care and 26.2 million accounts were hacked.
This new threat may well justify a class action lawsuit.
This new threat may well justify a class action lawsuit.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I assume you need to unfreeze , if you are attempting to open a new credit card account or seeking a loan. Is that easy to do?
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I’d add a fraud alert.
The dark web sounds so ominous. Are they referring to TOR?
https://www.torproject.org/
The dark web sounds so ominous. Are they referring to TOR?
https://www.torproject.org/
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I’ve had to unfreeze an acct a couple times, I asked the bank which credit bureau they use and unfroze that one. I left it that way for a week then refroze it.
Regards |
Bob
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I already have an id.me account. Do I also need to create a login.gov account?WillRetire wrote: ↑Thu Aug 01, 2024 3:43 pm I suggest you also create a login acccount at ssa.gov. Starting recently, this has to be done through id.me or login.gov.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
Yes, I understand that id.me will get me into ssa.gov. But from a security perspective, do I need to set up a login.gov account in order to prevent some scammer from establishing an account in my name? Or does having an id.me account somehow protect me from that?
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I’ve had multiple emails from both ID.me and Equifax over the past few days as well. As I’m sure everyone else is getting in their emails, there is a recommendation to put a fraud alert on Equifax. There is a link in the initial emails to get you to the right part of Equifax to do this. But, wait a minute — isn’t it a computer security no-no to click on a link in an email received from a sender you can’t absolutely verify? How can I be sure that the ID.me and Equifax emails aren’t themselves scam messages intended to get me to click on a link where bad things will happen?
Friar1610 |
50-ish/50-ish
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
You can't. But you can go to myEquifax.com directly, sign in, and from there hunt for the "Fraud Alert" section.
If your Equifax account is frozen I wonder if anyone can even see a fraud alert.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
If my email address is in the dark web, I don’t use it for anything important, especially financial accounts. I set up a separate little used email address for my most sensitive accounts.beyou wrote: ↑Wed Jul 31, 2024 11:37 pm Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
That does not guarantee the separate email wont be on the dark web, but if you use one of these monitoring services, at least when it shows up, you'll know it's the important email and not the more heavily used one.JBTX wrote: ↑Thu Sep 05, 2024 5:06 pmIf my email address is in the dark web, I don’t use it for anything important, especially financial accounts. I set up a separate little used email address for my most sensitive accounts.beyou wrote: ↑Wed Jul 31, 2024 11:37 pm Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
That said, wont do you much good. The alerts I get don't indicate anyone has the password to your email, just that some unknown website is associated to this email address. That does not mean they know your financial site password nor that they know your email password, regardless of which email address you use. If you follow good hygiene (change your long complex passwords periodically, use strongest 2FA allowed at each website etc) your risk is low. I am not sure there is any way to prevent widespread knowledge of your email address. Even if you use different emails for each important vendor, that vendor may sell your email, they may be hacked, their employees may have access to your email.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
If you have a separate email that you only use for a few sensitive things, like brokerages the only way it gets on the dark web is if there is a breach at those banks. It’s not used for anything else so how does it get on the dark web?beyou wrote: ↑Thu Sep 05, 2024 5:36 pmThat does not guarantee the separate email wont be on the dark web, but if you use one of these monitoring services, at least when it shows up, you'll know it's the important email and not the more heavily used one.JBTX wrote: ↑Thu Sep 05, 2024 5:06 pmIf my email address is in the dark web, I don’t use it for anything important, especially financial accounts. I set up a separate little used email address for my most sensitive accounts.beyou wrote: ↑Wed Jul 31, 2024 11:37 pm Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
That said, wont do you much good. The alerts I get don't indicate anyone has the password to your email, just that some unknown website is associated to this email address. That does not mean they know your financial site password nor that they know your email password, regardless of which email address you use. If you follow good hygiene (change your long complex passwords periodically, use strongest 2FA allowed at each website etc) your risk is low. I am not sure there is any way to prevent widespread knowledge of your email address. Even if you use different emails for each important vendor, that vendor may sell your email, they may be hacked, their employees may have access to your email.
You can check on some sites to see if it is out there.
No guarantees but that is one less vector to attack, given a lot of hacks start with an email hack and get other information from other emails in the account.
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
I decided to check my IRS get transcript and it now says I need ID me. I’m trying to set up and IDme account but that is turning out to be a royal PITA. I now have to wait over 30 minutes for a verification video call.
- ResearchMed
- Posts: 17324
- Joined: Fri Dec 26, 2008 10:25 pm
Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?
This is very important advice for *any* website or vendor or email, etc., not just Equifax.
The best advice is: NEVER click on a link in email!
Instead, go to the real website of whichever entity you want or need to contact. And go there by YOU typing in the website address, *not* by clicking on a supposed link in an email.
I think it is *very* unfortunate that some legitimate vendors (including financial firms such as Vanguard !? - but NOT "only" Vanguard!) almost train their clients to practice UNsafe computer hygiene by sending "real" email messages that include a link "to click to get to their website and your personal account".
Sure, if it REALLY is "Vanguard" (or other legitimate vendor), then it would be "safe".
But the scammers keep getting better and batter at disguising themselves as the legitimate entity such that the link does NOT go to the real site... but it takes one to a fake site and then invites/requires one to enter the account and password information. And then... that information can be used for nefarious purposes, such as to remove money from one's account, or perhaps get additional sensitive personal information.
Just get in the habit of *not* clicking on any embedded link in an email!
Go directly to the relevant website by personally typing in the web address, and proceed from there.
(And alas, sometimes the legitimate vendor doesn't make it easy to find the website area that is relevant, because they are now expecting you to "click on the embedded link"... sometimes despite generally warning clients "never to click on embedded links".
RM
This signature is a placebo. You are in the control group.