As online business owners, keeping finances secure and personal information safe for your customers are key to running a reputable business. But what about your own personal information as the one running the shop?

Imagine this: You run an online business making routine transactions with customers all over the country through a third-party shopping cart company. But one day, you discover that your Social Security number (SSN) has been showing up on customer receipts, compromising your business and your identity. What should you do?

It’s not a far-fetched scenario, as Social Security leaks are a rising vehicle for identity theft. How can you protect yourself?

When your SSN is leaked through your business

In 2024, a massive data breach involving data broker National Public Data resulted in the exposure of Social Security numbers for over 270 million Americans – considered to be one of the largest breaches of sensitive personal data in U.S. history. But there are also risks involved when your own SSN as a business owner is exposed.

While the chance of a random customer using your Social Security number from a receipt for fraudulent purposes may seem remote, it highlights a broader concern: There could be numerous places throughout your business operations where your SSN is unnecessarily exposed to risk. Your SSN can often be found on online business tax forms, and depending on where you live, business licenses and permits.

Social engineers could also utilize the contact information you’ve posted online to pose as a customer to try to get you to reveal your SSN. They could also hack through your store’s cybersecurity protection system.

If cybercriminals obtain your Social Security number, they can inflict significant damage on your online business. They may open unauthorized credit accounts or secure business financing under your identity.

What to do during a leak

If your Social Security number has been exposed through your online business, it’s critical to act fast — not just to protect yourself, but also to safeguard your customers and preserve your business’s integrity.

Report the leak to the Federal Trade Commission (FTC) right away and fill out the information on their identity theft site. Next, place a fraud alert on your credit report at any one of the three major credit bureaus (Equifax, Experian and TransUnion). The alert lasts one year but you can extend it if the matter isn’t resolved quickly enough.

Third, freeze your credit – you must call all three bureaus to freeze your account. Freezing your credit is free and restricts access to your credit report, helping prevent new fraudulent credit accounts from being opened in your name. And if you suspect any fraudulent business tax filings using your SSN, file an Identity Theft Affidavit through the IRS.

Even though the breach was of your personal Social Security, you may be legally obligated to inform customers, clients and vendors of the leak, depending on where you live.

Preventing an SSN leak

Discovering that your Social Security number may have been compromised during business transactions can be alarming. However, there are proactive measures you can implement to protect yourself from potential identity theft.

Consider applying for an Employer Identification Number (EIN) to use on business forms and payment processors in place of your SSN. Don’t make business transactions or share personal information through email or unsecured sites, and make sure to enable multifactor authentication on all banking, payment and online marketplace sites.

Consider investing in more advanced cybersecurity software for your business, including password managers, encrypted data storage and cloud platforms. You may also want to consider purchasing Identity Theft Insurance for your business.

This article provides information only and should not be construed as advice. It is provided without warranty of any kind.