Identity theft's next frontier: Your kids

A report by Carnegie Mellon's CyLab finds that identity theft is a growing concern for children. In a scan of 42,000 child IDs, CyLab found that more than 10 percent of kids had someone else using their Social Security number.

A report by Carnegie Mellon's CyLab finds that identity theft is a growing concern for children. In a scan of 42,000 child IDs, CyLab found that more than 10 percent of kids had someone else using their Social Security number.

Why are kids such a good target? Parents aren't paying attention. However, parents should pay attention since CyLab found that children had a 51 percent higher attack rate than adults. The problem is likely to get worse as more kids go online at a younger age.

CyLab scanned more than 42,000 child IDs by identify protection company Debix and found:

  • 4,311, or 10 percent of children, had someone else use their Social Security numbers;
  • These IDs were used to buy homes, cars and open credit lines.
  • Largest fraud was $725,000 against a 16 year old girl.
  • The youngest victim was five months old and 303 victims were under 5.
  • 1,767 cases where a child Social Security Numbers were found in utility records.

CyLab noted that the report isn't scientific. It's not aimed to project total child identity theft incidents. What the report aims to do is highlight the issue. The upshot is that children are good targets for identity thieves.

From the report:

This child identity theft report is not based on survey results. It is based on identity protection scans on 42,232 children (age 18 and under) in the U.S during 2009-2010. This pool of 42,232 child identities includes everyone under 18 in a database of over 800,000 identity records.

The participants were enrolled in the Debix AllClear ID Protection Network after receiving notice that their personal information may have been compromised during a data breach. Excluded from this report were children and adults who were affected by data breaches that resulted in targeted attacks against the population.

Note: The attacks do not appear related to the data breach events. For example, 78% of the child attacks occurred prior to the data breach events. Moreover, the attack rate for the adults affected by these same data breaches is very low at 0.2% - below the national average of 1% for the general population (Source: Javelin 2010).

The report's author, Richard Power, concluded:

Although the data’s statistical significance is yet to be determined, it is certainly profoundly significant on a practical, human level to the thousands of children and families who have thus been victimized. Furthermore, from my perspective, having tracked the evolution of cyber crime over two decades, it is only common sense to surmise that the problem goes beyond those breached accounts included in this report, and that there are many thousands more children and their families at risk.

There's also a passage in the report from Allessandro Acquisti, a Carnegie Mellon researcher, who discovered that it's easy to cull Social Security numbers from public data. In fact, it's easier to get Social Security numbers from people born after the 1990s. The child identity theft and the vulnerability of Social Security numbers could be a dangerous combination.

Related: