Like Chicken Pox in Grade School, Identity Theft Is Spreading — to Children

Identity theft isn’t just increasing — it’s spreading. In addition to identity theft of deceased individuals, we’re seeing a disturbing increase in attacks on another vulnerable population: children.

Recent statistics are hard to come by, but in 2012 AllClear ID reported that children are 35 times more likely to be victims of identity theft than adults. A 2011 Carnegie Mellon CyLab study that scanned identity theft protections for over 40,000 U.S. children found that 10 percent had someone else using their Social Security number—51 times more than the identity theft rate for adults.

Webinar: Follow The Leader: An Insider’s View of the CA Data Breach Report

There are a variety of theories as to why children are being targeted so often:

• Children’s personal information is exposed earlier than ever through social media, smartphones, and other connected devices.
• Adult identity thefts are often detected quickly, but child identity theft may go unnoticed—and thieves may continue profiting—for years.
• Children typically have clean records, so thieves can use their Social Security numbers to wreak havoc. The FTC notes that thieves can use children’s information “to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live.”

Another theory is that identity thieves may be getting more sophisticated and targeting children through their schools, which typically are not protected as well as, say, financial institutions. CSID found that over 7 percent of all data breaches affect the education industry, accounting for nearly 10 percent of all the private records exposed by breaches.

Thankfully, child identity theft is making headlines and there are concrete steps that parents—as well as businesses—can take to protect this vulnerable population.

Six Steps for Parents

The FTC provides a detailed list of ways for parents to limit the risk of child identity theft. We recommend these basic steps:

1. Teach children safe online habits. Children can limit exposure with safe passwords and limited sharing of personal information, such as birth dates and home addresses.
2. Protect children’s personal information. Only share your child’s Social Security number and other private data with trusted parties.
3. Be vigilant. Watch for warning signals such as credit card or loyalty program solicitations addressed to your child.
4. Recognize dangerous events. Has a burglary or data breach occurred at home or school? Has a purse been taken with a child’s information?
5. Contact credit reporting companies. Once a year, check with the three credit bureaus to see if any credit reports exist in your child’s name.
6. Freeze the child’s credit if there has been identity theft. In states where it’s allowed, put a security freeze on the child’s account to prevent accounts from being opened.

Parents who discover that their child’s identity has been stolen can use the FTC’s website to respond quickly and limit the damage done.

Three Steps for Businesses

As reported in The Wall Street Journal, a data breach at VTech Holdings Ltd., a digital-learning toymaker based in Hong Kong, exposed the names, genders, and birth dates of 6.5 million of its child users, including about 2.9 million in the U.S.

Businesses can take several steps to protect children from identity theft and respond stronger when children’s data is exposed in a breach like the one at VTech Holdings.

1. Limit data collection. Data collection for children under the age of 13 is covered by the Children’s Online Privacy Protection Act (COPPA). Whether or not a business falls under COPPA, extra care should be taken to limit the acquisition and maximize the security of such information.
2. Recognize that data breaches affect children. It’s essential to communicate proactively to families if a data breach may have contained private information about children.
3. Credit monitoring is not enough. If a business is breached, credit monitoring is often offered to victims. That may help some children, but only if they have a credit file, which, most don’t. Complete services—including credit restoration and identity recovery—are essential to restore children’s records to their pre-breach status. When hiring outside vendors to help with data breach response, make sure they offer such comprehensive services.

As criminals become more sophisticated and ruthless, we’re likely to see more attacks against our most vulnerable populations. For parents and businesses—and, really, for all of us—that makes it more important than ever to be vigilant and take the steps necessary to protect ourselves, our employees, and our loved ones, including children.

Webinar: Follow The Leader: An Insider’s View of the CA Data Breach Report