U.S. Markets closed

Hackers' favorite targets are the hardest to protect: kids

Hackers' favorite targets are the hardest to protect: kids

In the “dark web” hideouts where fraudsters buy, sell and trade pieces of stolen consumer data like currency, there is nothing more valuable than the untouched, untarnished Social Security number of an unsuspecting minor.

That’s because kids, who typically have no credit files to speak of, are basically a blank check to enterprising identity thieves.  

“Children have no credit history, which means you could essentially create a credit history from scratch using their information and run up credit card bills, sign up for other services and then eventually stop making payments and they’d never know it,” says John Ulzheimer, consumer credit expert at Credit Sesame.

For the most part, the usual culprits behind child identity theft aren’t faceless hackers from China or Russia – they’re Mom and Dad. In fact, more than half a million U.S. minors have had their identities stolen by a parent, according to the latest data from ID Analytics. It makes sense. Who else would have easier access to a child’s SSN than the cash-strapped parent who checks them in at all their doctor’s appointments?

The gap in the system

But herein lies another problem — the medical providers themselves. Of the 783 data breaches reported by U.S. companies in 2014 (a record), more than 42% were in the medical and health care industry. That’s bad news for minors. If children’s data are what you’re after, there may be no richer source than health care providers. Not many 12-year-olds have Home Depot or Target credit cards. Plenty of them are listed on their parents’ insurance policies.

The risks that data breaches pose for minors became especially apparent last month with news that nearly 80 million consumers were impacted by a data breach at Anthem, the second-largest health insurer in the U.S. The breach exposed just about every piece of data a hacker would need to slap together a new identity — SSNs, addresses, dates of birth, income levels, you name it.

An Anthem spokesperson could not say how many of the impacted consumers were minors, but it’s almost certain that they numbered in the millions. Michael Bruemmer, vice president of consumer protection at Experian, which is currently managing identity protection services for victims of this week’s Premera data breach, puts the estimate at 25% to 30%. That means as many as 24 million kids might be at risk.

The real issue is that there aren’t strict regulations on how companies protect user information — Anthem, for example, revealed it had not encrypted the user data that was stolen in February’s breach, which would have made it much harder for hackers decode. That could change as data breaches continue to dominate news headlines. As it stands, companies smooth things over with customers by tapping a credit-monitoring service to offer up their services for free for a year or two. Anthem chose All Clear ID, the same company that handled Home Depot’s data breach in 2014.

For parents of minors, All Clear ID offers two years of protection under its ChildScan service, which combs “thousands of databases” for instances where your child’s information might be used for fraud, according to the letter Anthem sent to data breach victims earlier this month. An All Clear ID spokesperson was vague on details of what kinds of databases they search (not entirely surprising, since the less hackers know about their monitoring procedures, the better.) Instead, we were pointed to their website, which said it searches medical accounts, credit records, employment records and criminal records.

But if we’re talking about a child, they’ll likely need more than a couple of years’ worth of protection. Smart thieves wait at least a year or two before they start trotting out stolen information, Ulzheimer says, in hopes that consumers and law enforcement will have lowered their guard.

All Clear ID doesn’t tip parents off when a new credit file has been created under their child’s Social Security number, either. Since minors rarely have credit files, the creation of a new one — which can be triggered when someone uses that SSN to buy a cellphone or take out a loan, for example — can be proof that a shady player is involved.

“It’s really important to have protection for children that looks for the creation of a credit file and monitors for that creation on an ongoing basis,” Bruemmer says.

How to protect your child’s identity

Identity theft is the fastest growing crime in the U.S. for a reason — it's an incredibly complicated problem to solve.

“There is no panacea, unfortunately,” says Eva Velasquez, President and CEO of The Identity Theft Resource Center, a nonprofit that offers free assistance to victims of fraud. “But thieves tend to go for the low hanging fruit, so you can try to take simple steps that will minimize your risk.”

Here are a few simple steps any parent can take:

Only poke around your child’s credit file if you have good reason to suspect fraud. Did you get a letter from a company alerting you that your child’s information may have been compromised in a data breach? Is your child suddenly getting a bunch of credit card offers in the mail despite the fact that they still have baby teeth? These are two clues there may be something to worry about. Otherwise, it can actually be detrimental to continuously request your child’s credit report from credit bureaus. Experts recommend you start by filling out a child credit inquiry with one of the three major bureaus (TransUnion’s form is simplest). The answer you want to get back is that there is no credit file under your child’s name, which is how it should be. If a credit file turns up, it’s time to start digging to see if it may be the result of fraudulent activity; request credit histories for your child from the other two major bureaus. If fraud is found, the bureaus will work with you to clean things up.

Request a credit freeze. A credit freeze ensures no one can create a new line of credit on an existing credit file, while still allowing you to use existing credit accounts without a problem. For a child who likely doesn’t already have a credit file to freeze, credit bureaus have to first create a credit file for them and then freeze it. Depending on your state, a credit freeze could be free or cost up to $10 (that’s still a lot cheaper than what most credit monitoring services cost). It’s an effective way to ensure no new credit lines are opened under your child’s name. But just remember: it can’t stop a thief from pursuing other popular avenues of ID theft, like using a stolen SSN to apply for a job, obtain medical services or fill out a fraudulent tax return.

Sign up for extended fraud alert. The unsettling thing about data breaches is that you never quite know when hackers will use the information they’ve stolen. Even if your child was a minor when their data was compromised, encourage them to keep a close eye on their credit when they start a credit file as an adult. They can easily request a fraud alert, which requires lenders to verify your identity before extending new credit. An initial fraud alert (which is free) only lasts for 90 days but you can extend it for up to seven years (also for free). An extended fraud alert comes with other perks, too: you can get two free credit reports within 12 months from each of the major credit bureaus, and they have to take your name off marketing lists for pre-screened credit offers for five years, unless you ask them to put your name back on the list.

Use free resources in your state. The ITRC, a nonprofit, publishes an interactive map that tells consumers exactly what types of services are available to them in their state. You can also call their hotline (888-400-553) and speak with a specialist who can help put together an action plan for free.  

Don't make yourself the low-hanging fruit. Parents and kids (when they're old enough) should be extremely cautious about sharing their personal information with a business or through social media. You'd be surprised how many excited 16-year-olds jump on Facebook to post a photo of their new license after passing their driving test — that's a no-no. If a school, a doctor’s office or any other service requests your child’s SSN, don’t give it up without first asking exactly why it’s needed. If they say it’s not entirely necessary, better not to take the risk of having it compromised. "This is something consumers can ask — 'How are you housing my information and how are you protecting it?'," Velasquez says. "Once you find out, then you have some choices to make."

So what about credit-monitoring services anyway?

If you’ve got about $20 a month to spare and think that’s a good price for peace of mind, then sure, some of these services can be valuable, especially in the interest of saving time.

Just be wary of any service that charges you for things you can already do for free without their help — like setting up a credit freeze, adding fraud alerts and getting a free credit report. Also, they may only be monitoring your credit report with one bureau, rather than all three, so be sure to check if you want complete coverage.

Do-it-yourself-ers can track their own credit reports (and scores) for free today using a handful of online tools: Credit Karma (Transunion, Equifax); Credit Sesame (Experian); Quizzle (Equifax); and Credit.com (Experian). Each offers free monthly credit reports and free credit scores. Just keep in mind their reports and scores come from different credit bureaus, so you might have to sign up for more than one to get a full picture of your credit history.

"It's really about being proactive in your detection of fraud and paying attention to red flags," Velasquez says. "Just like we tell [our kids] to look both ways and hold their hand to cross the street, we have to start applying that to heir fiscal health as well."

Have you been the victim of data breach? Email us at yfmoneymailbag@yahoo.com.

Check out more from Mandi:

5 apps that manage your money for you

How to undo 5 common career mistakes

What do you do when your coworker earns more than you?