It’s a standing joke that in the first week of school, parents have more homework than kids. One form our schools have always sent home is the permission slip for releasing directory information. Like me, perhaps you thought checking “no” and signing it was enough to keep your kids’ information safe. The sad truth is that most schools are under-equipped to keep our children’s data secure. After all, if big financial companies employing the latest in cybersecurity can’t keep our information safe, why should underfunded schools with out-of-date technology?
That should concern parents, because children are especially vulnerable to identity theft. With their squeaky-clean credit histories, our children’s data are the crown jewels to identity thieves. And the consequences aren’t pretty: identity thieves can use the data in multiple ways, like opening credit cards, obtaining government benefits and health care, using Social Security numbers to obtain identification for employment, applying for loans, and more. Once done, they can then sell it to other criminals.
Often, stolen identities are not discovered until it’s time for your teen to apply for an education loan or their first credit card. It can take years to repair damaged credit, and that can hamper your child’s ability to rent an apartment, apply for a loan, or even get a job. “Your credit touches virtually everything,” says John Sileo, a cybersecurity expert with The Sileo Group who has personally battled identity theft.
The New York Times, NBC News, and other outlets have reported that children as young as one-week-old have had their identities stolen. One young person who posted in an online forum for renting apartments in New York City expressed frustration with being unable to rent a place because his identity had been stolen as a teen.
A troubling trend
According to a Carnegie Mellon report, there were 11.7 million reported cases of identity theft in 2008. Researchers in the study looked at over 42,000 identity scans of children 18 and under and found that 10.2 percent had had Social Security numbers stolen – a rate that’s 51 times higher than the rate of adults who experienced the same theft.
Experts say it’s just going to get worse.
One mother I spoke to found out that all three of her children’s identities had been stolen when a pharmacy called to verify a prescription. It took her more than a year to resolve, and she ended up putting credit freezes on all her children’s files. This happened over 10 years ago. “Had it happened now, I think the repercussions would have been much, much worse for my kids,” says the mother, who wished to remain anonymous.
With more data than ever being digitized and more thieves and hackers trolling for vulnerabilities “it’s a catastrophe waiting to happen,” said Rachael Stickland, co-founder of the Parent Coalition for Student Privacy, an organization that advocates for stricter regulations to safeguard children’s data.
Just this month, the U.S. Department of Education issued a warning that many school districts have been targeted for extortion and threatened with the release of student data. Higher education is also vulnerable. Stickland says that colleges and universities report upwards of 4,000 attacks of ransomware a day.
In addition to inadequate protections at institutions, experts say there simply are not enough regulations in place that keep companies from selling children’s information. While FERPA supposedly protects this information, in 2012 many parents became aware of loopholes when the company inBloom, funded by the Gates Foundation, was able to set up service contracts with schools that accessed student information without parental permission. While the company closed after many states passed laws preventing any outside vendor from aggregating student data, it exposed the inadequacies in the system. The CEO of inBloom defended their database, saying that it was up to the schools to upload the data and that parental concern was really a misunderstanding.
An ounce of prevention
What it comes down to is that parents are left with little recourse to protect their children, but there are some things we can do. Educating ourselves is the first step, says both Sileo and Stickland. The Parent Coalition for Student Privacy provides a free downloadable toolkit that explains what data is collected, how it’s used, and how you can protect your children.
Parents also need to talk to their kids and make sure they know what to share and not share. “Educating kids often gets passed over,” says Sileo. Stickland recommends that parents frequently remind their kids about what they should and shouldn’t be sharing on social media.
Be sure to safeguard your child’s information by shredding documents that contain data. Ask schools and other groups that keep information where it’s stored and how it’s kept private. Only give out information that’s necessary to people you trust.
Some cases of identity theft are actually perpetrated by parents, guardians, and other adults who know the child. The Federal Trade Commission (FTC) suggests safeguarding your child’s information from anyone who may find it tempting to steal your child’s identity because they’ve been turned down for benefits or credit.
The FTC also recommends checking your children’s credit reports before they turn 16 so there’s time to address issues before starting the college search process and applying for jobs. You can request a free credit report annually for both yourself and your family members through annualcreditreport.com. Through this service, you can obtain free credit reports from the three credit reporting agencies – Equifax, Experian, and TransUnion. (There is a charge if you want to check it more than annually.)
You may find that there is no report on file for your child. Sileo recommends not doing anything until there’s actually a report, then freezing it. However, freezing your child’s credit report can be time-consuming and comes with its own challenges. It often requires you sharing the information you’re trying to keep private, like copies of birth certificates and Social Security numbers.
Many parents and advocates would like an easier process for freezing a child’s credit report. A number of states have passed legislation requiring credit bureaus to work with parents to freeze their children’s credit files. On the federal level, Rhode Island Congressman Jim Langevin has introduced legislation to allow parents and guardians to create a protected, frozen credit file for their children.
“We’re in a surveillance culture. What happens with our data could have a lasting impact,” says Stickland. “I think it should be a consumer right that your credit should be protected by default.”
Warning signs that your child’s credit may be compromised
Rejection for government benefits
IRS notices about taxes in your child’s name
Collection calls or bills for products or services you didn’t buy
Claims for medical treatment that they didn’t receive