Are you to blame for your child's identity being stolen? (Case study)

Are you to blame for your child's identity being stolen? (Case study)

Summary: In this cautionary tale, I delve into identity theft and how a parent could very well end up responsible for ruining their child's credit, or worse. This is one case study you don't want to miss.

SHARE:
TOPICS: Google, Security
32

You may or may not be familiar with previous posts of mine in regards to content I've been able to flesh out with Google, but one topic I haven't covered yet in the manner that I plan to below is how someone can easily become responsible for their child's identity being stolen, credit being ruined, etc. It's becoming far too easy to have private information end up in Google's index without you legitimately having any inkling that it could.

At any given moment, I could have a handful of Social Security numbers with which to wreak havoc. Unfortunately, it's far too easy to find that information not just in Google, but other places as well. Even more unfortunate is how simple it is to connect the dots and have yourself an amazing personal profile built on an individual. Let this post serve as a cautionary tale for you and your loved ones (pass it on for them to read) and think twice before you so willingly store sensitive information anywhere but on your computer. And as for the title of this post? It will become clear in a moment.

[Related: Beware: Social Security numbers available online via indexed tax documents]

As a case study, I decided to see how much information I could dig up on a random person after discovering, via some advanced Google querying, their SSN residing in tax documents stored online.

So, what all is in a tax document? Income, SSN, name, address, and more. In and of itself, this is enough to cook up a nasty case of identity theft, but you can take it a step farther. In my case study, I randomly found the tax documents of a girl who is now 20+ years of age. Her father is to blame for placing them on their free server space allocated to them from their ISP -- an easy mistake to make if you, like he, didn't understand how the information could end up in Google. More on that in a bit.

Now, this particular case is especially bad, because accompanying the tax documents throughout other folders I found my way to was just about everything under the sun: scanned copies of the girl's past driver's licenses, current employer information, credit-related information, tons of family pics, bank account information, and more. And this is just from her. I won't break down all the information the father had of his own there. Anyway, from this, I was able to locate this girl on Facebook, MySpace, LinkedIn, and more. And thanks to her MySpace alias being what it is, I was able to find her email address, forums she posts on, her eBay user account, her Etsy user account, and the list goes on.

Now, you don't have to tell me how creepy that sounds, because I know how creepy that sounds. Obviously, I'm not some stalker guy who's bent on, well, stalking someone, but if I was, I would have been in hog heaven. The stalking issue is a separate issue all on its own, in terms of the information you store online, but I wanted to see just how deep this rabbit hole went. And it didn't take long to find out, either, what with maybe 30 minutes being spent, tops, to find everything that I did. By the end of my journey, I was both dumbfounded and depressed by the thought of this girl's identity being capable of exploitation to this degree.

It goes without saying that it wasn't difficult for me to find out how to contact her and inform her of all of this after everything I'd discovered.

But perhaps even worse than the aforementioned... and this is really the kicker... is this girl's much younger sister, whose father claims her on his taxes. Right there in a tax document of his was her SSN and name. Is this young girl going to be in for a rude awakening the day she goes to apply for something requiring a credit check? What if she tries to land a job early on that requires a credit check? I can't even begin to stress to you the alarming rate I see instances of this within documents I find, thus, the title of this post being what it is.

I explained all of this to the young woman I informed of my findings and urged her to reach out to her father and let him know (which I would have attempted to do had I not heard back from her within a couple of days).

Lo and behold, after hearing back from her the day after, I received an email from her father a few days later and he thanked me profusely for informing them of my findings. Understandably, he was quite shaken up and upset with himself, but even more than that, he was angry at his ISP. Now, you may be thinking that this guy's the one who stored all of this information online, but I think he has a legitimate reason for being upset: his ISP hadn't made it transparent enough that the server space allocated to their users is all open to search engine indexing. After all, he had to log into a portal which allowed him to store all of this information and he had absolutely no idea that the directory he stored files in even had a URL that could be directly accessed -- much less without authentication.

The accessible URL looks something like this: http://www.randominternetisp.com/userdirectorytitle/~usernamehere/documentshere

Having been a user of his ISP for many years, and though terminology now exists in their user TOS in regards to storage space provided being accessible without authentication, he insists such was not the case previously in regards to such terminology existing in their TOS. I'm not here to play the blame game and choose sides between the father and the ISP, but whatever the case may be, the lesson here is clear: make sure you (or your parents/children/loved ones) understand how your information is going to be treated once you store it anywhere remotely, be it via server space allocated to you from your ISP, server space somewhere in the cloud (especially free services, like SkyDrive), or otherwise. Unfortunately, it's only going to get easier for things like this to happen as remote storage becomes a more enticing and easily leveraged option for everyone.

So, files have been removed, and now, damage control is underway for this father and his two daughters. I've no idea if any damage has currently taken place with any of them credit-wise, but I won't push the issue upon them any more by inquiring about it. Also, I've chosen not to name the ISP as of this moment due to their users' directories all being accessible in the manner that they are currently. However, if you're concerned enough to see if your ISP follows a similar practice, either head to your ISP's home page and search through their support pages, or reach out to support via phone or email.

Where do you think the line exists these days between a service provider's transparency and a paying customer's ignorance or stupidity? I'm interested to read your feedback, so let us know your thoughts in the comments below!

Related Content:

 

Topics: Google, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

32 comments
Log in or register to join the discussion
  • RE: Are you to blame for your child's identity being stolen? (Case study)

    If you want out of the house copy of your sensitive data so you don't loose it in case of fire, I suggest to bring a copy to a trusted friend/relative or burn a CD and put it in a safe deposit box at a bank.
    lepoete73
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @lepoete73
      Bank safe deposit box seems to me to be the most trustworthy and secure location. That's an excellent idea.
      swmace
  • RE: Are you to blame for your child's identity being stolen? (Case study)

    Welcome to the Cloud!! If you want data to be accessible by everyone, go ahead and use the cloud. DO NOT EXPECT ANY PRIVACY! Especially from the government.
    davidmpaul
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @davidmpaul

      Absolutely. If it's not under your roof, then it's in the wild. Get an external drive and back up your data to it on a regular basis, and store it in a fireproof box or at the bank.
      trybble1
  • I don't get the implication trying to be made??

    @Stephen
    >>>"But perhaps even worse than the aforementioned and this is really the kicker is this girls much younger sister, whose father claims her on his taxes. Right there in a tax document of his was her SSN and name. Is this young girl going to be in for a rude awakening the day she goes to apply for something requiring a credit check? What if she tries to land a job early on that requires a credit check?"<<<<br>

    @Stephen What point is this statment making? I get the overall disaster; but fail to see what this connotates.<br>Please amplify.
    ChoMlo
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @ChoMlo Basically, the action of a child's identity being stolen has a good chance of not being discovered/detected until the child becomes old enough to start making credit inquiries. By that point, the amount of damage can be quite severe.

      That's in contrast to it happening to an adult, who can typically be notified quicker.
      StephenChapman
    • Sorry to inform you, but...

      @ChoMlo ..."connotate" is not a word. I cringe when people use words without knowing their meanings, or lack thereof. I heard a talking head use the word "impactful" the other day. NOT A WORD, people! Look it up!
      rmazzeo
      • Re: Sorry to inform you, but...

        @rmazzeo >>> ..."connotate" is not a word.<<<

        Found at http://dictionary.reference.com/browse/connotate
        "Word Origin & History - connotate - 1590s, from M.L. connotatus, pp. stem of connotare (see connote). Obsolete; replaced by connote."
        >>>I heard a talking head use the word "impactful" the other day. NOT A WORD, people! Look it up! <<<
        Also found at http://dictionary.reference.com/browse/impactful
        ...however...
        http://www.urbandictionary.com/define.php?term=impactful
        claims in part that the "word" impactful is, among other things, "A non-existent word coined by corporate advertising, marketing and business drones..."

        impactful being a non-word backed up here: http://public.wsu.edu/~brians/errors/impactful.html, with handy icons next to the word and the word you should replace it with just in case you missed the point.

        FYI, dictionary.com seems to list this as a "real" word, but if you look closely, it's filed under "Dictionary.com's 21st Century Lexicon."

        tl;dr - all languages are fluid and constantly changing. If you think a word isn't "real" wait a decade and then check back with the same source.

        IMO / YMMV - "connotate" is an old *obsolete* word, so it's been grandfathered in. "Impactful" sounds like marketing BS, so I agree that it is fake.
        TillIDrop
      • RE: Are you to blame for your child's identity being stolen? (Case study)

        @rmazzeo et al,
        connote is the correct word
        cosmicrepairdude
  • RE: Are you to blame for your child's identity being stolen? (Case study)

    What about your mother's and father's identity? Do you know what their SS number is? Check it out it could be more than your children it could be your own or your parents. Identity must be changed in some way that does NOT involve Social Security numbers, perhaps the old Federal Law that addressed the use of the Social Security Number? I remember that once it was NOT to be used for identity purposes. That use continued because someone saw it as the EASY ANSWER to a much more difficult problem.
    Woodlands
  • RE: Are you to blame for your child's identity being stolen? (Case study)

    I also would like to understand what the credit problem would be for the child whose SSN and name were in the father's tax documents.
    ScottVS
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @ScottVS See my answer to ChoMlo above.
      StephenChapman
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @ScottVS
      A malicious individual could use that to open credit card accounts, rack up bills, not pay them and ruin her credit - all at an age where it's unlikely to be noticed. Other things are also possible, but that's an easy one.
      p0figster
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @ScottVS

      Because someone else (a bad guy) has the young daughters name and SSN, they could sell it to someone to setup a false identity, then use it for quite a while, because the girl is unlikely to check her credit score for many years. During that time, it is easy to get credit cards, etc. Get busted, give the girl's name and SSN, creating a criminal record for her.

      Plenty of opportunities for bad things.
      mr_bandit
    • RE: Are you to blame for your child's identity being stolen? (Case study)

      @ScottVS


      once you have a name, ssn , and address you can start getting credit cards and such on line created. by the time a 3 year old goes to college the damage is unrepairable . How about the government college fund you have been paying on for over 15 years being taken by someone else or having a lean against it for past unpaid debts against that SSN.
      fierogt
  • Why should someone have to ask their ISP...

    ...whether the files they've stored are open to unauthorized search? THEY SHOULD NOT BE, and the ISP should block access, as a matter of course.
    GrizzledGeezer
  • Yes, YOU are to blame.

    ANYTHING out there in the Web Cloud is accessible by individuals and governments who do not have good intentions and without court orders or any such legal niceties.
    YES, I AM paranoid. But am I paranoid enough? And just because I might be doesn't mean that I'm wrong.
    Sceptical Observer
  • RE: Are you to blame for your child's identity being stolen? (Case study)

    I blame the government (and the people who have elected them).

    It should be illegal for anyone (or Gov Agency) to use a SSN# for anything other than Social Security. Under that scenario, identity theft would not be what it is today.
    slowgeezer
  • It's obvious English is not...

    ...Stephen's strong suit - I quote - "....numbers with which to wreak havoc with." Can't be a typo. But I digress...

    It should be against the law to do a credit check for ANY job, except for a high ranking government position, one which also requires "secret" clearance. I have gone so far as to turn down offers from companies that require for this information. Drug use & criminal history are one thing, my personal credit is entirely another. This is just another way to invade my privacy, & I refuse to take it lying down. Eye-opening article, btw...thanks!
    rmazzeo
  • &quot;with which to wreak havoc with&quot; Typo

    I think the "with" at the end of the following sentence from the article is a typo.
    "At any given moment, I could have a handful of Social Security numbers with which to wreak havoc with."
    AMusnikow