We’ve Got a New Mobile App

If you’re an existing online and mobile banking customer, we’ll send you an email to let you know when you’ll be able to download and use the new app. New online and mobile banking customers can download the app now.

Insights & Stories

Social Security Number hack: What to know and how to protect yourself

Reading time: 8 minutes

March 12th, 2026

cyber lock graphic cyber lock graphic

A recent cyberattack rocked Hawaii news: A data breach may have exposed the Social Security numbers and other personal information of up to 1.15 million people.

But it’s not just local institutions that are vulnerable. In 2024, a data breach at a Florida-based company that aggregates consumer information for background checks, revealed how much personal information can be exposed in a large database compromise. The breach reportedly involved the personal data of millions of Americans, including full names, Social Security numbers, email addresses, and mailing addresses, with records dating back decades.

When breaches happen, stolen information may circulate online or appear for sale on the dark web, increasing the risk of identity theft and financial fraud.

How do data breaches happen?

Most data breaches happen when attackers gain access to systems through technology, human behavior, or both. They often combine technical vulnerabilities with social engineering tactics that manipulate people into revealing sensitive information or granting access.

Once inside a network, attackers can view or download sensitive information. Below are common methods used in data breaches and what to watch for.

Malware and Trojan horse emails

One common tactic involves emails with malicious attachments or links designed to look legitimate. Messages may appear urgent and ask you to review a document, confirm account information, or respond quickly.

Opening the attachment or clicking the link installs harmful software that can capture passwords, track keystrokes, or allow attackers to move through a network.

To reduce your risk: Only click on links from trusted sources. Log into accounts through your normal website or app, not email links. Report suspicious messages so platforms can block the sender.

IT vishing scams

In vishing scams, someone calls pretending to be part of an IT or technical support team. They may claim they need to fix an issue or perform maintenance and ask for login credentials or verification codes.

To reduce your risk: Never share passwords or one-time passcodes. If a call seems suspicious, hang up and call the company back using a verified phone number.

Business email compromise

Business email compromise scams target employees with access to sensitive systems or financial transactions. Attackers impersonate a trusted person, such as a manager or vendor, to request money or information.

To reduce your risk: Watch for unusual timing, requests that break normal procedures, and urgent pressure to act quickly. When in doubt, verify the request through another channel.

What can you do if your Social Security number is exposed in a data breach?

You can’t control when a breach happens. But here are six steps you can take to limit the damage and protect yourself from identity theft or fraud.

  1. Set up credit monitoring
    Credit monitoring helps you spot suspicious activity quickly. You are entitled to free weekly credit reports from each of the three major credit bureaus at AnnualCreditReport.com.
  2. Update your account information
    Make sure your email address, phone number, and mailing address are current so you receive alerts and important notices as soon as possible.
  3. Change your passwords
    If your information was exposed, update passwords for financial, email, and other important accounts. Use unique passwords for each account and consider a password manager.
  4. Turn on multi-factor authentication
    Multi-factor authentication adds an extra layer of protection by requiring additional verification beyond your password.
  5. Freeze your credit
    A credit freeze restricts access to your credit report, making it harder for someone to open new accounts in your name. Contact Equifax, Experian, and TransUnion to place a freeze.

    It’s important to contact all three, because different lenders rely on different agencies—and you will not be fully protected if you only choose one or two. You can submit your request online, by phone, or by mail.
  6. Be careful about what you share on social media
    Limit public sharing of personal details such as birthdays, family names, and workplaces. Review privacy settings regularly.

Stay one step ahead of identity theft

Data breaches are an unfortunate reality, but acting quickly can help limit the impact. If you notice suspicious activity, respond right away and take proactive steps to protect your accounts like those we’ve listed above. To learn more about how to bank securely and protect your accounts, visit our Security Center.

Browse More

You're about to exit BOH.com

Links to other sites are provided as a service to you by Bank of Hawaii. These other sites are neither owned nor maintained by Bank of Hawaii. Bank of Hawaii shall not be responsible for the content and/or accuracy of any information contained in these other sites or for the personal or credit card information you provide to these sites.

Targeting cookies must be enabled to view this video

Watch this video on YouTube

Functional cookies must be enabled to view this video

Watch this video on Vimeo