Retirement 2.0 blog

Someone tried to hack my Social Security account

Government website offers tips to protect personal data, but gaps may remain

Nov 6, 2017 @ 12:00 pm

By Mary Beth Franklin

Several InvestmentNews readers have asked me to weigh in on whether the recent Equifax data breach, which affected an estimated 143 million Americans, could compromise online Social Security accounts.

Equifax, one of the three major credit bureaus, announced in September that it had experienced a major data breach last summer involving Social Security numbers, birth dates, addresses and in some cases driver's licenses and credit card numbers, for about half of all American adults.

The pilfered information is the perfect recipe for committing identity fraud. In theory, hackers could use this sensitive personal information to set up an online Social Security account in your name, file for those benefits when you became eligible and direct the payments to a new address and bank account without your knowledge.

The bigger question is, can they use that same information to gain access to the millions of existing My Social Security accounts and possibly divert benefits?

While researching this question, I discovered a nasty surprise. Electronic access to my account was suspended after someone tried, unsuccessfully, to log into my account.

"We tried three times to match the information you provided with our records, but were unable to do so," the error message said. "The suspension will not affect any Social Security benefits you receive," the generic notice assured me.


But I'm not receiving any Social Security benefits. I just want to make sure my online information is secure. What now?

The website directed me to contact SSA's toll-free number at 800-772-1213, but the help desk is only staffed Mondays through Fridays, not over the weekend when I discovered the possible security breach.

I sent an email asking about next steps. Although I have not yet received a response from SSA, I was able to access my account Monday morning without further incident. Perhaps the extra security measures I agreed to six months ago helped thwart an unauthorized hack.

Meanwhile, inquiring minds want to know if their online accounts are safe.

Without mentioning the Equifax breach directly, Jim Borland, acting deputy director for communications at the Social Security Administration, posted a blog on the agency's website in mid-September about "protecting your Social Security."

"A My Social Security account is your gateway to many of our online services," Mr. Borland wrote. "Create your account today and take away the risk of someone else trying to create one in your name, even if they obtain your Social Security number," he advised.

Anyone 18 or older who has a Social Security number, a U.S. address and a valid email address can set up an online account. In addition to supplying these critical personal details, the Social Security Administration will ask applicants to answer a variety of questions that are cross-referenced with their credit reports, such as the name of the bank that holds their mortgage or car loan, to verify their identity.


You can also sign up for extra security when you first register for a My Social Security account or add it to an existing account, as I did several months ago before the Equifax data breach.

As an additional security measure, Social Security will ask for one of the following: the last eight digits of your credit card; information found in your W-2 tax form; or information from your self-employment tax form. An upgrade code will be mailed to your home address, usually in five to 10 business days. The letter will include step-by-step instructions to finalize the security upgrade.

"If you already have a My Social Security account, but haven't signed in lately, take a moment to login to easily take advantage of our second method to identify you each time you log in," Mr. Borland wrote, explaining that you can choose to have a one-time code texted to your cell phone or sent to your email address as an added security measure. "Using two ways to identify you when you sign on will help protect your account from unauthorized use and potential identity theft," he added.

One of my readers cited Mr. Borland's blog as full of great advice, but noted it still left some questions unanswered.

"It does not specifically state that it takes more than the four identifiers stolen at Equifax (name, birth date, address and Social Security number) to make changes to Social Security accounts that could lead to a diversion of benefits," the reader said in an email.

"If there are sufficient cybersecurity measures in place to prevent this, I think the SSA communication should be updated to make that clear," he wrote. "On the other hand, if new measures are necessary, they should take them now and then publicize those measures."

I agree. I sent the reader's comment to the SSA press office last week, but so far, I have not received a response. Stay tuned for details on the broader issue of protecting our online Social Security accounts.

