What to do if my financial information is found on the dark web?
Reviewed by Mike Marcacci, Sr. VP of Engineering at OmniWatch
Having your financial information stolen can be a frightening and overwhelming experience. Thieves can use your financial information to make fraudulent purchases, take out loans, or damage your credit.
It’s important to understand the risks associated with having your financial information exposed on the dark web and what steps you should take if it does happen. Below, we'll cover how to recognize if your financial information has been compromised, what you can do to protect yourself from further damage, and tips to help prevent identity theft in the future. Knowing these things and taking action can help you feel more secure and confident that you have taken necessary precautions against having your personal information stolen.
What is the Dark Web?
The dark web is a part of the internet that can only be accessed using special software, such as The Onion Router (TOR). It is an anonymous network where users can communicate and access websites without fear of being tracked or identified. Many people use the dark web to buy and sell illegal goods, as well as engage in other criminal activities.
However, it also has legitimate uses such as allowing whistleblowers to communicate securely with journalists, or activists to share information without fear of government surveillance. In addition, some individuals may use the dark web for more mundane tasks like browsing online forums or playing video games. Regardless of its purpose, it remains largely unregulated and often serves as a hub for illegal activities.
How did my Financial Information end up on the Dark Web?
There are several ways financial information can end up on the dark web. One way is through an online data breach, where hackers gain access to a company’s database and steal personal data like financial information as well as other sensitive materials. Another way for financial information to be exposed is if someone with malicious intent deliberately posts it on the dark web. In some cases, financial information can be exposed due to human error or negligence. For example, if an employee accidentally uploads a file containing sensitive information to a shared server that is not properly secured.
What can People do with my Financial Information?
Once a malicious actor has obtained access to your financial information, they can use it in a variety of ways. They can open new accounts in your name and run up large amounts of debt, as well as apply for credit cards or loans. They may file taxes using your financial information to gain fraudulent tax refunds or to apply for government benefits or services. Your financial information could also be sold on the dark web as a form of currency.
What Should I do if I Think my Financial Information was Stolen?
Stolen financial information is a serious threat and must be addressed immediately. If you suspect your financial information was stolen and might be on the dark web, take action now. The first step is to determine if preventative measures will be enough or if you have been a victim of identity theft.
Step 1. How to know if someone stole your identity
Check Your Credit Report
You can access your credit report through OmniWatch™ to see if any new accounts or changes have happened that you’re not familiar with.
Monitor Your Credit Card and Bank Activity
Regularly review your credit card statements for any purchases you did not make. Do the same with your banks. Report any suspicious activity to your financial institution immediately.
File an Identity Theft Report With the FTC
If you think your financial information was stolen, report the identity theft to the FTC as soon as possible. Filing an identity theft report with the Federal Trade Commission will alert authorities of potential fraud activity and can help protect you from further damage. You can report identity theft on the Federal Trade Commission’s Identity Theft webpage.
After filing, you should immediately call OmniWatch support as an OmniWatch member to get a dedicated agent assigned to your case.
You may need to file a police report for identity theft separately from the FTC report. An OmniWatch restoration specialist can guide you through filing a police report for identity theft and determine the next steps you need to take to restore your identity.
Step 2. Preventing thieves from using your financial information
If there is nothing out of the ordinary, you should immediately take the following steps to add additional layers of protection.
Request new Credit and Debit Cards
If a specific card was leaked, replace it with a new number. If your bank account number was leaked, you’ll need to contact your bank to get a new account.
Monitor Your Credit Alerts
With any OmniWatch subscription, you’ll get alerts when anything changes on your TransUnion® credit report. If you have a premium subscription, you’ll get alerts for all three of your credit agency reports (TransUnion®, Equifax®, and Experian®) so you can know if anything changes.
Lock/Freeze Your Credit With the Three Major Credit Bureaus
Locking or freezing your credit will prevent new lines of credit from being opened under your name. You will need to remember to unlock whichever credit report any potential lender uses if you need to open a new credit card or get a loan in the future.
You can easily lock and unlock your TransUnion credit report from your OmniWatch account. Simply toggle it on and off on the “credit” page. If your financial information is exposed, you should make sure all three of your credit reports are locked.
You can easily lock your Equifax® report for free by creating a free account here.
Experian charges you to lock your credit, but by law, they are required to allow you to “freeze” your credit for free. This has the same effect as locking your credit, but instead of being able to easily toggle it on or off, you have to authenticate your identity every time you want to freeze or unfreeze your credit. Activate an Experian credit freeze if your information has been exposed as soon as possible.
IRS PIN
You can create a unique PIN that the IRS will require to accept your tax return. Change your IRS PIN code every year. This can help prevent anyone from stealing your tax return. You can access this feature by clicking here.
Leverage OmniWatch’s Identity Theft Insurance Coverage
If you already have OmniWatch, you’re covered with up to $2 million in identity theft insurance if your identity is stolen (exclusions and limitations apply). Our US-based restoration specialists are available 24/7 to walk you through the entire process and even fill out and submit paperwork for you.
Enter your email address and get results in seconds
Hackers and thieves don’t wait and neither should you! See if your passwords have been exposed in a data breach.
How can I Protect my Financial information?
Here are some key ways you can limit the chances of someone getting ahold of your financial information.
Secure Your Home Network and Devices
Make sure all your home devices, including computers, laptops, mobile phones, and tablets are secured with strong passwords. Additionally, you should enable two-factor authentication on any accounts that offer it for an extra layer of security. You could also explore a consumer-grade firewall device that can protect your computer or network from malicious or unnecessary network traffic and software.
Be Smart About Sharing Personal Information.
It is essential to be aware of the sites you visit and what information you share online. Be sure to avoid clicking on suspicious links or emails, as they may lead to malicious websites where your personal information could be stolen.
Using Two-Factor Authentication (2FA)
Two-factor authentication, meaning that along with a username and password, you need another “factor” to unlock your account, will also help make your accounts more difficult to access.
Common examples are when you have to enter a code you get on your email or phone. If you have an authentication app that provides a rotating code to enter to log in, this also serves as a method of two-factor authentication.
SMS two-factor authentication is the least secure authentication method because phone numbers are easier to hack. In 2022, hackers claimed they breached T-Mobile over 100 times, partly to gain access to phone numbers to break into 2FA-enabled accounts. You should make sure to use either email-based 2FA or an app like Google® Authenticator.
Strengthening Passwords
Multiple tools can help crack passwords, especially if they are short or use things like addresses, emails, or anything that may be associated with you. Ideally, you want to create a long password with numerous special characters that spell no particular word. Better yet, you can use a complicated and unique passphrase. Since these are hard to remember, using password managers like 1Password® can help you create secure and varied passwords or passphrases while still allowing you to log into accounts quickly and easily.
Strengthening Security Questions
When creating answers to security questions, you should never put real answers. This information can be discovered online. Hackers can easily figure out what elementary school you went to, the street you grew up on, and other readily available personal details if they search hard enough. Instead, create your answers the same way you would create long difficult passwords. A password manager can also help you manage these security question answers.
Sign up for an Identity Protection Service like OmniWatch
Identity protection services, like OmniWatch, can monitor your credit, help detect online identity data found on the dark web, and offer identity theft insurance if someone steals your identity.
What Cybersecurity Professionals are Saying
Chester Wisniewski
Principal Research Scientist at Sophos
“Looking forward into 2023 has me very concerned with what developments we see with the malicious use of machine learning technologies”
Matt Kapko
Cybersecurity Reporter
"Threat actors don’t just follow the news — they react to it and identify new ways to target potential victims during moments of heightened sensitivity."
Chester Wisniewski
Principal Research Scientist at Sophos
"ChatGPT3 could easily be weaponized to help criminals write more convincing phishing and business email compromise scams."