The personal information of babies is now available on the Dark Web.
Younger children — even newborns — now have a social security number, but they have obviously never made any purchases, which means they have a “perfect” credit history. Hackers sell the information these days with a complete “how to” for the buyer, explaining the steps to file fraudulent tax records or apply for a credit card without getting caught.
As the child grows up, he or she might discover they’ve been hacked. And it will be difficult or impossible to correct any credit history problems or fraudulent purchases.
Experts tell Fox News the technique actually works.
“From what our researchers have seen, there is an elaborate marketplace on the Dark Web where the stolen data is distributed through channels to end users,” said Leon Lerman, the CEO of Cynerio, a healthcare security company based in New York. “The hackers, who at the top of the black market value chain, sell raw patient data in bulk.”
Interestingly, Lerman says this is one case where educating the public — even the parents — might not help. With most security risks, part of the answer is to withhold personal information unless it is absolutely required. However, parents must register the child’s new SSN.
Ron Schlecht, a managing partner at BTB Security, says the problem with hacked data for young children is that it can be combined with other data. For example, since the SSN and date of birth data is real, the hacker might build a credit record using a fake name and address. Even denied attempts to apply for credit cards help build up the history, he says.
“It’s a type of fraud that combined real information with fake information,” he said.
Mounir Hahad, the head of threat research at Juniper Networks, said it’s even at the point where the youngest children will likely assume they’ve been hacked by the time they reach the age to obtain a credit card, a new mortgage or buy a car. “It’s no longer a matter of protecting against theft, but instead protecting ourselves against the fallout,” he explained.
According to Gary Davis, the chief consumer security evangelist at McAfee, another problem is that parents won’t bother to check if there’s been a hack for several years. So the theft is “safe” on the Dark Web unless parents check the history routinely.
“Depending on how extensively the information has been abused, it could take the child years to remediate and get their identity and reputation restored,” says Davis. “In extreme cases, they may need to get a new social security number.”
One solution? Business expert and author Aaron Young says parents should think about whether they really need to hand out personal information for babies.
“Pay attention to who you allow to have your children’s identifying information,” he says. “Why does the doctor need that? Why does the school need that?”