Here’s how to protect your children from identity theft


Alan Brill has scoured computers for intelligence left by Iraqi forces retreating from Kuwait. He has probed a bank in Bosnia suspected of funding ethnically targeted mass murder. He has investigated the work of hackers who got inside the 2008 presidential campaign networks of Barack Obama and John McCain.

What’s on his radar now? Your kids.

As school ends and camp and summer jobs begin, scammers are after their identities, which can be teased out from information given in application forms. Identity thieves can use a child’s Social Security number, for example, to “apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live,” the Federal Trade Commission warns on its website.

“When you think about kids, in some ways they have the most vulnerable identities, but they are the ones people think about least,” said Brill, senior managing director for cybersecurity and investigations at the New York security firm Kroll Inc. “It’s kind of a perfect storm for the bad guys.”

Kids’ identities, which can be used for a long time, are low-hanging fruit. In addition to requesting a Social Security number, camps, sports leagues, and potential employers may ask for insurance information and other personal data. Criminals see computer systems at camps and other extracurricular programs as easy hacking targets. At the same time, there are no potentially lucrative financial accounts tied to a child’s identity. So while the future damage can be incalculable, your child’s identity goes for cheap — $10 to $25 on the dark web, depending on supply and demand.

While it isn’t clear how many child identity thefts are committed annually in the U.S., said Brian Lapidus, who heads the identity theft and breach notification practice at Kroll, “this is a big problem that we’re seeing an increase in year over year, as criminals get more savvy.”

Here, Brill and Lapidus offer their thoughts on child ID theft. Kroll and ID protection company LegalShield launched a service called IDShield two years ago, but such services aren’t the first line of defense for concerned parents. It’s simple awareness of the problem.

Both men have quizzed their children’s or grandchildren’s camps on their cybersecurity practices and safeguards. You can imagine it was a pretty good grilling. Here’s what to do and what to look out for in guarding your own young ones’ identities from thieves.

Q: How do you know if your child’s identity has been stolen?

Brill: Unfortunately, in many cases you find out the hard way. Either your kid eventually applies for credit and discovers he has a terrible record, or someone has been using your kid’s information for something like W-2 fraud, using it to work when they’re not supposed to be working, and a year and a half later your child gets a nasty letter from the IRS saying, “We have W-2’s for you, why haven’t you filed your taxes?”

Or your kid looks to go to college, and the college says, “Why do you owe AmEx $37,000 on a credit card, and why do you have bankruptcies on your record?” It can cause problems for the kid, and for parents who want to protect the identity of the of kid.

Another thing we see that is scary is how criminals use your kid’s identity to get medical services for another kid. In this age of electronic medical records, there may be a fairly extensive record under your child’s identity, but it has a different medical history and blood type than your child. The last thing you want is your child to go into the hospital and the medical staff to have the wrong information and your child’s medical history and all else.

Q: What are other areas in a child’s world where identity theft issues come up?

Brill: The internet of things. You probably read about the (Bluetooth-enabled) doll marketed in Germany that recorded a lot more than you, as a parent, would want and sent it to a cloud-based server. A lot of American toy companies follow the Children’s Online Privacy Protection Act about collecting information from kids. But when you get knockoff versions of a product that is imported, that’s not necessarily the case, and you don’t know where the data is going, how it is being protected, if it is being misused.

Lapidus: Also, you have teenagers applying for jobs in the summer, and with a lot of applications, they have to give their Social Security number. You see job fairs where someone shows up saying, “I’m from X organization,” and people fill out applications. What the group really is is an identity theft ring. Say it’s a popular job fair, they get 500 applications, they walk out the door and have 500 identities to sell on the dark web that day.

Q: In that case does a parent just tell their teen not to give out a Social Security number?

Lapidus: I’m not sure most 16-year olds would say this … but conceivably they could say, “Hey, I’m really interested in working for your organization, but I’m not going to give you my Social Security until you are ready to make an offer because my dad is in security, and I worry about things like that.” It’s about having that dialogue with your child and that sense of awareness.

Q: Where are the attacks coming from? What kind of cybercriminals are we talking about?

Brill: In large part, the nation/state actors don’t care about your kid’s data. If they were to get it, it would just be accidental along with other stuff they grabbed. The people who traffic in this data are mostly commercial cybercriminals who are going to use it for credit frauds, medical frauds and W-2 frauds. It tends to be very low-level hackers who aren’t very creative. But if the place where the data is stored hasn’t done the security basics, they can run an attack that might get them that data.

Q: Aside from warning your kids, what can a parent really do?

Brill: To me it’s really an area where parents can do quite a bit, but not if they aren’t thinking about it. The first question to ask a company is how are you protecting my kid’s data? If they look at you like you are speaking Klingon, that’s probably not a good thing. You want to hear something that makes sense, for them to have an answer that shows they have thought about it. They might tell you how they limit access to data, how they limit the information they collect. I’ve found that once you ask that question and listen to the answer, you tend to get a good or bad feeling about whether they are serious about it or not. It all comes down to consciousness of this as an issue, asking questions, and in some cases working together. Very often a camp will have a parents association, and if your kid was there last year and is going again this year, you probably have some contacts that you can speak with and take a little collective action.

And you want to monitor your kid’s Social Security record just as you would for an adult to see if anything is reported.

Lapidus: You can see if a credit file is available on your child. A lot of products have the capability to do some kind of monitoring for minors. There are some indicators of (identity) compromise. There’s monitoring of the dark web. One thing I always find interesting is if a child gets an explanation of benefits from an insurance company and it has nothing to do with them. You might think that was just a clerical mistake, but it would be an indicator that something is awry. We had a case a few years ago where an 87-year-old woman received an EOB for a rhinoplasty. She called us up and said, “Hey, I have not had a nose job.”

Talk to us

More in Herald Business Journal owner Tom Harrison at his brick and mortar storefront on Tuesday, Sept. 6, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Near-death experience planted seeds for downtown Everett toy store

Former attorney Tom Harrison survived 9/11. It caused him to ask what’s important in life. Today, he runs MyMyToyStore.

Sean Jones, membership executive of Everett's Freedom Boat Club, helps club member Carolyn Duncan load equipment onto her boat before she and a friend head out crabbing onThursday, Aug. 11, 2022, at the Port of Everett in Everett, Washington. (Ryan Berry / The Herald)
New Everett franchise offers boats at Everett Marina

Freedom Boat Club’s newest Washington location is in Everett, with six boats available to its members.

Devin Ryan, left to right, talks with Donald Whitley and Drew Yager before a test ride at Bicycle Centres Wednesday in Everett, Washington on August 24, 2022.  (Kevin Clark / The Herald)
New hands take the handlebars for Bicycle Centres

Longtime employees Devin Ryan, Aron Chaudiere and Ryan Brown bought the business that’s been around since 1976.

A truck drives past a sign displaying fuel prices on Friday, Sept. 2, 2022 in Arlington, Washington. (Olivia Vanni / The Herald)
Diesel prices stay high for truckers, farmers

Gas prices have fallen steadily this summer, but diesel costs have started to climb again.

FILE - Test engineer Jacob Wilcox pulls his arm out of a glove box used for processing sodium at TerraPower, a company developing and building small nuclear reactors, Jan. 13, 2022, in Everett, Wash. A major economic bill headed to the president has “game-changing” incentives for the nuclear energy industry, experts say, and those tax credits are even more substantial if a facility is sited in a community where a coal plant is closing. Bill Gates' company, TerraPower, plans to build an advanced, nontraditional nuclear reactor and employ workers from a local coal-fired power plant scheduled to close soon. (AP Photo/Elaine Thompson, File)
Everett nuclear research facility gets $750 million infusion

Bellevue’s TerraPower, which operates an Everett facility, got a hefty investment to fund research.

Logo for news use featuring Snohomish County, Washington. 220118
Business briefs: Leadership Snohomish County names new executive director

Plus a new short-term, career programs at Edmonds College, state grants for small businesses and more.

Tim Leonard, owner of the Machine Shop, is closing the arcade this fall. (Photo by David Welton)
Arcade owner to pull plug on beloved Whidbey Island business

Tim Leonard, owner of the Machine Shop in Langley, recently decided he’ll call it quits this fall.

Jennifer Sadinsky is the owner of Grayhorse Mercantile, one of Langley’s newest stores. (David Welton)
Shopkeeper brings taste of Europe to Whidbey Island

A first-time business owner’s dream of opening a cheese shop became a reality this year.

Toggle’s Bottle Shop is closed permanently on Monday, Oct. 3, 2022, in downtown Everett, Washington. (Ryan Berry / The Herald)
Citing landlord dispute, Toggle’s closes in downtown Everett

The popular taproom shuttered Sunday. “Everett needs a cooperative landlord-tenant relationship in the commercial district,” a co-owner said.

The Think Tank Cowork building located in Everett's historic downtown district has been beautifully preserved and updated.
Bridge the work and work-from-home divide with Coworking

Shared workspace in Downtown Everett offers the amenities you want + flexible packages

Rick Winter (left) and Gary Yang, the founders of the former UniEnergy Technologies, stand with one their latest batteries, the Reflex, August 10, 2022. (Dan DeLong/InvestigateWest)
‘Chaotic mess’: Clean energy promises imploded at Mukilteo battery maker

UniEnergy Technologies absorbed millions in public funds, then suddenly went dark. The company is accused of providing tech to China.

Eviation's all-electric plane in flight Tuesday morning in Moses Lake, Washington, on Sept. 27, 2022. (Eviation)
Arlington’s all-electric plane, Alice, takes first test flight

Eviation Aircraft’s battery-powered plane logs successful first flight from Grant County International Airport in Moses Lake.