
When the public hears about the latest data breach, they might envision a network of hackers working in the dark web. The reality, though, is sometimes a lot more mundane. Accidental data breaches can happen when information is allowed to fall into the wrong hands for any number of reasons, but the concerns that can arise can be just as serious.

In the past, accidental data breaches have occurred due to issues like losing an unencrypted laptop or flash drive. Other incidents were the result of unsecured servers whose information was unintentionally posted online. In some cases, though, the breach occurred through intentionally sharing information, only it was with the wrong recipient.

That’s the case for Chicago Public Schools (CPS) in a recent data breach that compromised students’ and families’ personal data. Families in the school system were sent an email providing them with a necessary enrollment form. The link included in the email inadvertently pointed to a spreadsheet containing information for nearly 4,000 students and parents in the district. The link was active for several hours before someone noticed the error and removed the information from the link. In this specific data breach, students’ names, phone numbers, email addresses, and student ID numbers were exposed.

Experts looking into the CPS breach point to a far bigger concern than sending out a link rather than attaching the document that was supposed to go to the parents: why is a spreadsheet of student information stored online where anyone who finds it can access it? The spreadsheet was not password protected. Hours after CPS officials informed parents of the error (they asked families to delete the email rather than taking down the link), the spreadsheet was still readily accessible. Concerned officials see that as a lack of training and awareness of how to secure students’ personal data.

Unfortunately, this incident is the third such accidental data breach at CPS since 2016. In 2016, an employee sent out sensitive information to unauthorized parties, providing them with access to students’ information. In 2017, unsecured web documents were posted on the CPS website, exposing medical conditions, students’ names, identification numbers and other information.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There was a time when child identity theft was thought of as a family problem, and it’s true that many cases over the years have been perpetrated by a custodial or non-custodial parent, a close relative, or even a family friend. Once the individual gained access to the child’s sensitive documents, they could open numerous lines of credit with the child’s “untarnished” credit record. In many cases, the identity thief may have been trying to get out of a dire financial situation, and fully intended to pay off any debt incurred in the child’s name; at the same time, some unscrupulous thieves didn’t care what consequences waited for the child down the road.

Too often, the children didn’t even know they’d been victimized until they reached adulthood and tried to use their legitimate credit.

In more recent years, though, hackers and identity thieves have begun targeting kids in order to take advantage of clean credit that no one will be monitoring for years to come. Schools, doctor’s offices, daycare centers, even school lunch computers have suffered data breaches aimed at nabbing kids’ personally identifiable information.

According to Javelin Strategy and Research’s 2018 Child Identity Fraud Study, there were more than one million reported cases of child identity theft in the US last year, with the majority of those cases victimizing children under the age of eight. Another 20 percent of the victims were between the ages of eight and twelve.

Unfortunately, those are just the cases that were reported, which means the actual number of victims may be much higher.

But this new avenue of data breaches leading to identity theft doesn’t mean that parents can let their guard down about friends or relatives. The same Javelin study found that in 60 percent of the cases last year, the child knew their identity thief; that’s very different from the data point that says only 7 percent of adult victims know their identity thief.

One of the increasingly common methods of using children’s stolen credentials is to grab a Social Security number and combine it with a fake name, address, phone number, and more. In this scheme, known as “synthetic identity theft,” the thief isn’t using the child’s complete identity, but rather has created a whole new person with this information. That makes it a little harder for victims and law enforcement to notice the problem in the first place or take action after the fact.

Concerned parents or guardians have a few steps they can take, though. If the child in question is over 14, they can request a credit report in the same way that any consumer does. Visiting annualcreditreport.com will provide the minor in question with a free credit report, and allow them to look it over for signs of suspicious activity. If the child is under the age of 14, the steps are a little harder. The adult must prove they have a right to access and see the information, but it’s a worthwhile step if there’s reason to believe a child’s identity may have been compromised.

