Cybersecurity Awareness Month - Data Breaches Affect Children Too

In 2004, October was designated as Cybersecurity Awareness Month, to bring awareness to individuals so they can protect themselves online as threats to technology and confidential data become more common. Spearheaded by CISA, this month's theme is See Yourself in Cyber which points to the fact that cybersecurity really is all about "people".  

Today, we would like to focus on one special subset of people that many do not realize can be and have increasingly been affected by ransomware and data breaches: children. Yes, children, even infants, are facing more and more instances of their data being breached and published on data breach forums as school districts and healthcare providers face a tidal wave of attacks against them.

Just this weekend, the ransomware group behind the attack on the Los Angeles Unified School District release 500GB of student's personal information stolen during the recent attack. While LAUSD received a lot of attention being the second largest school district in the US, several other school districts across the US like Elmbrook School District in Wisconsin were also dealing with attacks that saw student or community member personal information stolen.

In January, a software vendor for school districts, Illuminate Education, suffered a data breach that affected the personal information of an estimated 3 million students across the US.

For a news story in late 2021, NBC News combed through the Dark Web and found that it was littered with the personal information of school-age students and unfortunately as the article puts it "there is little parents can do" about it. NBC found that attackers had published information from 1200 different K-12 schools and some of the schools were not even aware that data had been stolen.

But What Does It Mean?

What many parents do not realize is that information stolen from children can be used to create fake identities that can come back to haunt their children when they are older. Following the Experian data breach in 2015, some parents were surprised to find that their children's data had been stolen and false identities created. Called "synthetic identity theft", fraudsters use a combination of stolen data to create an identity, obtain credit, and rack up debt. So there have been actual cases where a high school student has started applying for college loans and found that they have hundreds of thousands of dollars in debt under their social security number because a fraudster had obtained it and created a false identity with it. And unfortunately in these cases, the work of proving that it was not really the high school student running up the debt falls to them and their families which is not a pleasant or quick process.

So What Do I Do?

The first thing that parents can do to protect their children's personal information and future credit is to monitor their children's credit. Most identity protection companies offer family plans that will include the parents as well as the children for a set cost each month, and it's really not as expensive as you might think. Typically children will not have a credit report until they are 18 years old but they can still be enrolled in monitoring services to ensure that no fraudulent accounts are opened in their name.

You can also request a credit freeze from the credit agencies so that no accounts can be opened in your child's name. You just have to remember to remove the freeze when they get older and need to apply for credit.

Lastly, if you find that identity theft has occurred, report it to the Federal Trade Commission at IdentityTheft.gov with as many details as possible.