Should I get my SSN back after a breach?

You don't get it back. Once exposed, an SSN is permanently in the leaked corpus. The available defenses are credit freezes (free, federal), IRS Identity Protection PIN (free, voluntary), and reducing the other personal data attached to your SSN (name, address, family) on broker sites so social engineering attacks have less to work with.

Is my Social Security number for sale?

In short

If you've ever been a US adult, almost certainly yes. The 2024 National Public Data breach exposed roughly 2.9 billion records including Social Security numbers, covering most living US adults plus residents of the UK and Canada.
NPD filed for bankruptcy rather than face the class-action and state-AG actions against it. Victim restitution is uncertain at best.
You can't get a new SSN. You can freeze your credit (free), get an IRS IP PIN (free), and reduce the personal data attached to your SSN on broker sites. Delist handles the broker side automatically.

5 min read Last reviewed May 2026 Free scan available

Why your SSN being exposed is different from every other leak

Your email gets leaked, you can change it. Your phone number gets leaked, you can port it. Your password gets leaked, you can rotate it. Your Social Security number gets leaked, and you are stuck with it for the rest of your life.

The SSN was built in 1936 as an account identifier for the new federal old-age program. It was never supposed to be a password, a national ID, a credit-bureau primary key, or a default verification token. It became all of those by accident, over decades, because no other widely-shared identifier existed. Today, your SSN unlocks credit, government benefits, medical care, employment paperwork, and most identity-verification flows. None of those systems were designed for a world where the SSN is, effectively, public.

It is public. As of mid-2024, it was leaked.

The 2024 NPD breach: scale and bankruptcy

National Public Data, a Florida-based data broker, was breached in late 2023 or early 2024. The full corpus surfaced on a criminal hacking forum in August 2024. The leak included:

An estimated 2.9 billion records, by the company's own court filings.
Full names, current and previous addresses, phone numbers, dates of birth, family relationships.
Social Security numbers attached to most records.
Coverage spanning US adults, plus people in the UK and Canada whose data NPD had aggregated.

The corpus was being sold to anyone who paid in cryptocurrency on the forum. Soon after, copies were posted free. There is no putting that back.

NPD's parent company, Jerico Pictures, Inc., filed for Chapter 11 bankruptcy on October 1, 2024 in the Southern District of Florida. The filing cited "tens of thousands" of pending lawsuits, state attorney-general investigations, and an inability to fund the response. Bankruptcy doesn't make the leaked data un-leaked. It mainly means the people whose data was stolen are unlikely to see meaningful restitution.

Find out what's exposed under your name. Free scan covers data brokers and known breach sources. No card needed.

Run my free exposure scan →

Other SSN-exposing breaches worth knowing

NPD was the largest, but not the only one:

Change Healthcare (2024). Cyberattack on the UnitedHealth-owned medical-claims clearinghouse exposed health and payment data for over 192 million Americans. SSNs were included in many records. Recovery and notification are still ongoing.
AT&T (2024). Two separate breaches in 2024. The larger involved customer call records and account data; a related leak included SSNs for current and former wireless customers.
Equifax (2017). The original credit-bureau breach exposed names, SSNs, birth dates, and addresses for 147 million Americans. Settlement payouts ran into 2024.
Aggregated breach leaks. Known leak databases pool records from roughly a thousand publicly disclosed breaches into billions of compromised accounts. SSN coverage varies by breach.

If you have not been exposed in at least one major SSN leak, you are statistically unusual.

What you can do (and what you can't)

You cannot get a new SSN in most cases. The Social Security Administration grants new numbers only for documented ongoing harm — typically identity-theft cases that won't resolve, ongoing harassment, or witness protection. The application is paper-based, evidence-heavy, and denied more often than granted. The new number stays linked to the old one in SSA records anyway, so it is not a clean break.

What you can do:

Freeze your credit at all three bureaus. Free since 2018. Equifax, Experian, and TransUnion each need a separate freeze. This stops new credit accounts from being opened in your name. Lift temporarily when you legitimately need credit.
Get an IRS Identity Protection PIN. Free. Sign up at irs.gov/getanippin. The IRS rejects e-filed returns under your SSN that don't include the PIN. Single most effective defense against tax-refund fraud.
Monitor your Social Security earnings record. At ssa.gov. Anyone using your SSN for employment shows up as income you didn't earn. Catching this early matters because the SSA's correction process takes months.
Check your free credit reports. annualcreditreport.com. One per bureau per year, plus weekly free access continues post-pandemic.
Reduce the surrounding data. An exposed SSN is dangerous mostly when combined with your name, address, employer, family, and phone — the social-engineering scaffolding. Removing your data from broker sites cuts the scaffolding even when the SSN itself can't be retracted.

What identity-theft insurance does (and doesn't) do

The major credit bureaus offer paid monitoring with identity-theft "insurance" — typically $10 to $25 per month. The FTC has warned consumers that most identity-theft insurance covers recovery costs and lost wages, not the actual stolen funds. Banks generally reverse fraudulent charges under federal law anyway. The valuable part of most policies is the case-management service, not the coverage. Read the policy fine print.

The free defenses listed above — credit freezes, IRS PIN, exposure reduction — do more for your safety than any paid identity-theft insurance.

How Delist fits

Delist does not get your SSN back. Nobody can do that.

Delist does the thing that's actually achievable: cuts down the personal data attached to your SSN that makes attacks profitable. The broker sites that publish your name, address, phone, and family connections — the people-search sites that aggregate this data — each get a removal request. We catch re-listings and re-submit automatically.

An exposed SSN with no surrounding social-engineering data is harder to weaponize. That's the available win.

Frequently asked questions

Can I change my Social Security number if it's leaked?

Only in extreme cases. The Social Security Administration grants a new number only when continued use of the original would cause harm — typically documented ongoing identity theft, ongoing harassment, or witness-protection situations. The application is paper-based, requires documentation, and is denied more often than granted. A leaked SSN almost always stays yours.

What is the IRS Identity Protection PIN?

A 6-digit number the IRS issues that you include on your federal tax return. Without the PIN, e-filed returns under your SSN are rejected. Free, voluntary, and effective against tax-refund fraud. Sign up at irs.gov/getanippin. Lasts one year; renewed annually.

How can I tell if my SSN is being used for fraud?

Three signals. Pull your free credit reports at annualcreditreport.com for accounts you didn't open. Check your IRS tax-transcript at IRS.gov for returns filed in your name. Watch your Social Security earnings record at ssa.gov for income you didn't earn. If any of those show something unfamiliar, file at IdentityTheft.gov.

Does an SSN credit freeze cost money?

No. Federal law since 2018 made credit freezes free at all three bureaus (Equifax, Experian, TransUnion). Place a freeze with each bureau separately. Lift it temporarily when you legitimately need credit. Don't pay anyone for "credit lock" services — those are paid versions of the free freeze with weaker legal protections.

Was my SSN actually in the NPD breach?

Almost certainly. The corpus covered most US adults plus residents of the UK and Canada — roughly 2.9 billion records by NPD's own count. If you've held a US Social Security number for more than a few years, you can assume your data is in the leak unless evidence proves otherwise.