Organised Cyber-Crime Steals US Children’s IDs

Organised cyber-criminals have taken what used to be a minor domestic crime and turned it into a global ID trafficking ring. In these cases, the data that’s so valuable are the Social Security numbers of young American children because they can easily be matched with any name and date of birth and used to create fraudulent identities, obtain credit or even dodge residency rules for getting work in the United States.

There was a time when problems with child ID theft came from family members of young children who would use their SSNs to get around poor credit or even criminal records, but that’s changed. According to testimony by the Federal Trade Commission delivered to the House Committee on Ways and Means’ subcommittee on Social Security, “Children’s SSNs are uniquely valuable because they lack a credit history and can be paired with any name and birth date.”

Problems discovered too late

Worse, the problem usually isn’t discovered until years after the theft takes place because children can’t apply for credit on their own. During that time, the criminals with the stolen information can have free rein to sell the information to others or to establish credit and run up hundreds of thousands of dollars in bad debt.

The numbers are stolen in a variety of ways. The most common is data breaches due to lax or nonexistent security relating to a child’s personal information. A wide variety of US organisations demand a child’s SSN regardless of whether they have a legitimate use for it. These groups may be day care centres, sports leagues, doctors’ offices or schools. In many cases, such as children’s sports leagues, the information may reside on a club official’s personal computer with no security whatever.

While doctor’s offices and hospitals are supposedly covered by the Health Insurance Portability and Accountability Act (HIPAA), health care organisations along with educational institutions are the greatest sources of data breaches, according to Matt Cullina, CEO of Identity Theft 911. Cullina said that security can be so lax at some hospitals that employees gather the newly issued Social Security numbers of newborns and pass them to their criminal partners. Laws in many states that mandate that children have a valid SSN before they leave the hospital help ensure that such people can get the numbers whenever they need them.

But sometimes the security breach is self-inflicted. Cullina tells of a high school in the Midwest that published its honour roll, listing each student’s name and other information from the student’s records—without noticing that the information included the student’s full name, date of birth and Social Security number.

Ultimately, these data breaches cause enormous economic damage to the businesses that must eventually suffer the losses from fraud, but of course they also create enormous problems for the children who have had their identities stolen, especially if the theft isn’t discovered until the child looks for his or her first job or applies for that first education loan.