A Complex Online World

It’s a complex electronic world we live in today, with nearly all organizations transitioning rapidly to online services. We are often encouraged to do our banking, manage our investments, renew our licenses, and pay our monthly bills online. Even shopping and buying  consumer products have made the transition to online services. Many of us are inundated daily with online solicitations to buy products or services, and even the US mail we receive sometimes suggests contacting the retailer via online means.  It is, indeed, an online world we live in today!  And that is, of course, a huge convenience – especially for senior citizens and less physically mobile Americans who are computer-savvy enough to join the exodus to online services. A convenience for sure, but what about the risks?

Convenience vs. Risk

In a recent correspondence, a reader lamented that he was very concerned because he received two separate notices from companies he did business with online, saying that they had experienced a “data breach”[1] – their customer data bases had been “hacked,” and his personal information may have been stolen. Consequently, he contacted his Congressional Representative to ask if the Social Security Administration had been notified of these data breaches.  He wanted to make sure his monthly Social Security benefits, which he heavily relied on, were not in any danger as a result of the theft of his personal information in the reported data breaches. He was not comforted by the answer from his Congressional Representative..

The Congressional Representative told him that the companies who experienced the data breach had no legal obligation to notify the Social Security Administration about what happened. And that fact only intensified his discomfort and concern about his Social Security benefit and what might happen if his benefits were stolen.  He did not want to become a victim of “cyber-crime,” so he contacted the AMAC Foundation’s[2] Social Security Advisory Service for more guidance and information.

Cyber-crime is a Big Business!

Cybercrime is, indeed, a big business – and it is a worldwide one. Nefarious individuals  the world over are constantly trying to steal personal data which can be used to gain access to the assets of unsuspecting people. Many so-called  “hackers” are individuals with the deep technical knowledge to gain access to private data bases. And if they can, they typically sell the data to other online cybercriminal organizations who, in turn, offer it for sale on the “dark web.” That personal data may then be used to scam or defraud unsuspecting individuals through various means, such as opening fraudulent credit cards in the victim’s name, accessing the victim’s banking or investment accounts or – in a multitude of other ways – trying to pilfer money from the victim’s resources. It’s a real threat facing, especially, more vulnerable seniors.  And this anxious senior citizen worried that he was in jeopardy of having his Social Security benefits – money which he needed to exist – stolen as a result of the data breach. In his words, living in fear of cyber thieves taking his Social Security is “no way for seniors to live!”  And we agree.

Data Breach Basics

State laws are important to combat fraud as a result of data breaches, and most states require informing all potentially affected people in a timely manner that their personal information has been compromised.  Sometimes, the breached organization will offer limited free credit monitoring services to minimize any fraud exposure. Some states also require that the State Attorney General be notified of the breach, along with details of what steps have been taken to mitigate individual exposure. And usually, the three main credit agencies are notified that a breach has occurred to heighten their awareness of possible fraudulent activity. The information at this link for the National Conference of State Legislators (NCSL) provides additional insight of state regulations. And in most cases, all potentially affected victims of a data breach will be urged to place a “credit freeze” on their credit account to prevent fraud. A “credit freeze” at the three key U.S. credit agencies – Experian, TransUnion, and Equifax – is simple to set up and can be turned on or off at will by you (and you only) if needed. A freeze prevents anyone but you from accessing the credit information needed to steal your financial assets.

The Social Security Connection

Although companies who suffer a data breach are not legally obligated to inform the Social Security Administration that a security breach has occurred, the SSA is keenly aware when this happens and is intensely focused on protecting everyone’s Social Security benefits from theft. For example,:

Social Security’s Office of the Inspector General (OIG) has been providing special fraud (and scam) protection for a long time, and the SSA itself has always been increasingly vigilant to ensure everyone’s Social Security is secure.  For example:

  • The Office of the Inspector General (OIG) webpage provides answers to the most frequently asked questions (FAQs) about SS fraud (see this). Here you can see what to do if you suspect you are, or may be, a victim of SS fraud.  Incidents of Social Security fraud can be reported directly and quickly to the SS OIG at this link: https://oig.ssa.gov/report/ or simply call the SSA’s OIG fraud hotline at 1-800-269-0271.  And, FYI, the OIG vigorously pursues and prosecutes all reported instances of fraud.
  • The SSA has been steadfastly increasing its security measures to combat Social Security fraud. For instance, online access to each person’s Social Security account can now be done only via either of two government approved portals – LOGIN.gov and ID.me – which offer extraordinary security features. This will go (has gone) a long way to prevent fraudulent use of Social Security numbers to steal benefits.
  • All SSA employees are required to undergo annual training targeted on fraud and scams. Regular procedural updates of prevention information are provided to employees as needed and available throughout each year.
  • When an individual reports they have been a victim of identity theft or theft, Social Security employees can create a “Special Message” in the person’s personal SS record noting this. This alerts any SS employee looking at the individual’s record what has happened.  
  • For an additional layer of protection, screening questions were implemented several years back that require all SSA employees to ask a specific set of identifying questions of in-office visitors, and of those making contact with SSA over the phone.
  • SSA employees are constantly reminded about the need to protect every individuals “PII”-Personally Identifiable Information.

This is an ongoing project which Social Security (and other government agencies) will focus on for the foreseeable future. Securing your information and your SS benefit, is an ongoing journey for the SSA – and they are constantly looking for ways to improve security and avoid fraud. There is an unending supply of foreign and domestic cyber criminals who seek nefarious ways to access American money. And, unfortunately, American seniors are attractive, and vulnerable, targets.  But the SSA is constantly looking for new and innovative ways to prevent fraud. SSA already restricts access to personal SS accounts through enhanced and very secure online portals, and provides  specialized agent training, so requiring companies who suffer a “data breach” to notify SSA that an individual’s Social Security number may have been compromised would be of limited additional value. In the end, the responsibility rests with potential individual victims to ensure that their personal information is not used in a nefarious way. But if you suspect you are a victim of any fraudulent activity, be sure to notify Social Security, which will take strong and immediate preventative action to minimize your financial exposure. Take comfort knowing that the SSA is doing everything possible to protect your Social Security benefits.

[1] In 2025, there were over 3,300 incidents of data breach in the United States.

[2] The AMAC Foundation is a non-profit arm of the Association of Mature American Citizens (AMAC), providing free Social Security Advisory Services and other educational support to American seniors.

This article is intended for information purposes only and does not represent legal or financial guidance. It presents the opinions and interpretations of the AMAC Foundation’s staff, trained and accredited by the National Social Security Association (NSSA). NSSA and the AMAC Foundation and its staff are not affiliated with or endorsed by the Social Security Administration or any other governmental entity. To submit a question, visit our website (amacfoundation.org/programs/social-security-advisory) or email us at ssadvisor@amacfoundation.org.