The surveillance economy is everywhere, companies of every kind using an unimaginably complex array of data to sell goods and services (and/or create same), promote a particular political view, even proselytize for a religion.
We all inhabit this post-privacy environment. And increasingly, it's a given that this ideal consumer-focused place that can turn into a dystopian nightmare when data goes walkabout.
It shouldn't come as a shock that children are not considered off-limits by the rogue's gallery of thieves, con artists and scammers who target people for fraud using their most sensitive personal information. That said, the findings of a recent study are still terrifying.
Released by threat intelligence company 4iQ, "Identities in the Wild: The Tsunami of Breached Identities Continues," revealed a 182% increase in raw identity records discovered by its researchers between 2016 and 2017. More than 3 billion identity records were found pulled from 8.7 billion raw data files. The data was mined from the almost 3,000 breaches detected during the study's stated timespan.
Dark Reading points out that the increase is due in large part to the growth in the number and size of breaches affecting personal data--whether we're talking about usernames, passwords, or more granular information. Make no mistake, this is a serious increase of exposure. On the dark web where a great deal of the data resides, this category of breach--think Equifax--comprised 44% of the 8.7 billion record total.
The second reason, Dark Reading rightly observed, "is the growth in accidental record exposures that commonly stem from poor security measures, which leave data open to third parties." Bad cyber security practices, or non-existent ones, caused the exposure of 4.9 billion raw identity records in 2017.
Children at Risk
While the question of why these vulnerabilities persists, the more pressing issue right now is the danger posed in the near term. The problem is made all the more serious because child identity theft often goes undetected until the victim applies for credit--long after their credit has been destroyed.
The number of children now at risk because of the staggering amount of raw data accessible online should give all of us pause--whether we're talking about data available on the surface web, the dark web or the various places online that occupy shadow areas made possible by bad cybersecurity practices.
The 4iQ study found specifically an alarming uptick in synthetic identity theft. This type of fraud veers from the well-worn path of traditional identity theft. It does not directly attack the credit profile of one individual. Instead, scammers combine Social Security numbers (inactive ones work best), addresses and birth dates of disparate (or partially invented) individuals to manufacture new identities that they control. The goal: Rack up as much debt as possible and when the new identity associated with the stolen Social Security number is no longer credit worthy, move on to the next victim.
Children are ideal targets for this variety of identity theft for the obvious reason that they have clean slates with the credit reporting agencies. Additionally, there is no "reason" per se to check a child's credit score, which is the most common way to determine if one has become a victim of identity theft (no reason until now, that is).
The 4iQ study also found that while personal data breaches were more widespread, corporate data breaches were shown to have wider-reaching ramifications, particularly the depth and breadth of consumer data stolen from Equifax, including credit card numbers, driver's licenses, passport information, and tax IDs.
So, what does have to do with running a business? First, liability: how do you store the sensitive personal information entrusted to you? If you get it wrong, the repercussions could be anywhere from very expensive to an extinction-level event. Second, this goes to corporate culture. Reports like this are crucial in fostering data security as a core corporate value.
As business owners, executives and employees, it is time to acknowledge that safeguarding sensitive client, customer and employee information is as essential to an organization as protecting its intellectual property and trade secrets. As parents and/or legal guardians, it is imperative we do whatever is necessary to protect the identities of our children, from taking advantage of credit freezes and credit locks to utilizing identity monitoring programs to teaching them good cyber hygiene. For more information, visit IdentityTheft.Gov.