Posts

A phishing scam has led to the unauthorized access of more than 500,000 students’ identifying information in the San Diego Unified School District. Through emails sent to staff members of the school district, an outsider was able to gain staff members’ login credentials and view students’ profiles.

Phishing scams like this one are all too common. By masquerading as an official email from a verified source, outsiders can trick recipients into all manner of sensitive activities, from changing passwords and account numbers to transferring funds to paying phony invoices. In this case, the emails likely required staff members to verify their usernames and passwords.

The phishing attack is believed to have been carried out between January and November of this year, but school system officials first became aware of it in October. However, the credentials gave the unauthorized person access to student records dating all the way back to the 2008-2009 school year.

Impacted individuals are being notified by letter from the school system, and the current investigation has already identified someone believed to be responsible. Officials have not determined whether or not any of the data was actually stolen or used, but it was certainly possible to steal complete identities from the activity that occurred; therefore, they are treating this incident as a data breach.

There are some important takeaways from this news. The first is that sharing your information with outsiders can result in the loss of that data. If you are not absolutely legally required to turn over your complete identity or that of your children, don’t. If you are required to provide it, ask who will be able to access it and how it will be protected. In the case of the school system, even base-level staff members were able to view details like birthdates and Social Security numbers, something that they didn’t need.

Also, if you receive a notification letter that your information has been breached, it’s vitally important that you take note of what data was compromised and what steps the company is taking to make it right. If the company is offering credit monitoring or identity monitoring, don’t delay. Sign up for that support immediately to take advantage of the protection.

Finally, since this incident involves children’s personally identifiable information, parents and guardians must be cautious about their children’s identities. Too many young people only discover they’ve been victimized this way when they become adults and attempt to get a job, enlist in the military, apply for financial aid, or other similar actions. Parents can freeze their children’s credit reports to reduce the chances that someone will use their information maliciously.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

It turns out the boogeyman is actually hiding in the deep dark web, not your child’s closet.

Identity theft is often misconstrued as an issue that only adults deal with; however, it’s also something that affects children. According to Javelin Strategy and Research’s 2018 Child Identity Fraud Study, one million child identity theft cases were reported in the U.S. last year.

It is important to note that these are only reported cases, so the actual number of child identity theft victims is likely higher. According to the calls we receive from impacted individuals, many child identity theft cases go underreported because they may have been perpetrated by a custodial or non-custodial parent, a close relative or even family friend, and the victim might not feel comfortable pressing charges.

Criminals see children’s identities as a hot commodity because they’re typically unmonitored and clean. Since children don’t start to establish credit until they are an adult (age 18) and open their first credit card or take out a loan, parents don’t usually think to check their child’s credit history. Unfortunately, criminals see this as the perfect opportunity to use your child’s information to open up several accounts, which may go undetected for years.

After the child’s information is stolen, criminals often turn to the dark web to sell it for as low as one dollar. The Dark Web, which contains some areas that are not accessible by normal internet browsers or are gated, holds a variety of illicit activity. So if you’ve been a victim of a data breach or gave personal information to a scammer, your information might be living there, as well as your child’s information.

Even though your child isn’t opening up new lines of credit at the moment, they are still at risk of having their information exposed. One way this can happen is through a data breach.  You should be aware that accidental breaches do occur and you should be mindful of the consequences. For example, schools, doctor offices and daycares hold your child’s personal identifying information (PII) and could be potentially breached. It’s important to find out how your child’s information is collected, stored and disposed.

Often times, thieves will buy a child’s Social Security number (SSN) from the dark web and combine it with a fake date of birth, address and name to completely fabricate an identity. Considered synthetic identity fraud, this is an increasingly common method that criminals use to commit identity theft.  In order to protect your child from the dark web, it’s important to check if a credit report exists with your child’s SSN regularly, never carry their SSN and only provide their SSN when it’s required.

Checking for the existence of a credit report with each of the three credit bureaus is a leading way to identify child identity theft. There are other indicators including the following:

  • Your child receives offers for pre-approved credit cards.
  • You receive bills in your child’s name.
  • A collection notice arrives with your child’s name on it.
  • Your application for government benefits for your child is refused because benefits are already being paid out to someone using your child’s Social Security number.
  • You receive a letter from the IRS saying your child owes taxes. Be aware, however, that any phone call from someone claiming to be with the IRS is almost certainly fraudulent. The IRS communicates with taxpayers by U.S. mail only.

You can contact the Identity Theft Resource Center for free assistance at 888-400-5530 or through the live chat feature on their website: https://www.idtheftcenter.org/

Experian proudly provides financial support to the Identity Theft Resource Center.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.