The mail just arrived and you are scanning through it. An electric bill, coupons from the grocery store, and... a notice that your 7-year-old was just denied for an auto loan?
This example might seem extreme, but for some parents this exact scenario played out after hackers managed to steal their children's data.
2020 saw a record number of cyberattacks, and threats for schools, universities, and other educational institutions are growing each day.
Unfortunately, there is no perfect profile for a cybercriminal. This is also true for victims of cybercrimes, too. Bad actors do not discriminate when it comes to data.
What happens when a school is attacked?
After an attack on Toledo Public School in Ohio, parents began receiving odd letters about their children. A few parents shared they had received a letter in the mail denying their child a credit card or car loan due to lack of income. Other children had been successfully signed up for an electric company account.
One parent told ABC13 that he received these kinds of messages and more.
"I figured they [the school district] had firewalls and things of that nature. I'm tech-deficient but [know] enough to protect our information," said the parent.
Bad actors are always looking for ways to garner information and they have access to advanced technology. Most of the time, hackers go after the money they can get, which means diversifying their portfolio of mayhem and gathering as much data as they can to post for a profit on the Dark Web.
One Texas school district recently faced a cyberattack that resulted in hackers compiling student data into an Excel spreadsheet and posting it online for sale.
"In December, when hackers broke into the Weslaco Independent School District near the Texas southern border, staff members moved quickly to alert more than 48,000 parents and guardians of the breach. They followed the FBI's advice to not pay the hackers and restored their system from backups they had kept for such an emergency.
But the hackers, spurned by Weslaco's decision to not pay, dumped the files they pilfered on their website. One of those, still posted online, is an Excel spreadsheet titled 'Basic student information' that has a list of approximately 16,000 students, roughly the combined student population of Weslaco's 20 schools last year. It lists students by name and includes entries for their date of birth, race, Social Security number and gender, as well as whether they're an immigrant, homeless, marked as economically disadvantaged and if they've been flagged as potentially dyslexic," says an article by NBC.
The school district's cyber insurance provided free credit monitoring, but many parents were still puzzled by how to report the problem and what steps they should take next to protect their children.
How can you protect children against a malignant data leak after it has already happened?
Kevin Collier, the reporter who covered this story, tweeted:
"What can a parent do? First off, they should immediately freeze their child's credit, which is a bit of a hassle (links in the story). Besides that… there is precious little they can. That stuff is out there, and there's really no getting it back."
Another great resource is the Cybercrime Support Network (CSN). Kristin Judge is CEO and Founder of the nonprofit organization, which assists small businesses and individuals. "We want to help them before, during, and after a cybercrime incident," she said.
CSN has built a fantastic cybersecurity resource where you can turn for help. "What we built was a portal that's related to cybercrime issues facing kids: teenagers, college students, and their parents," Judge said.
[RELATED: Podcast episode, Teen Hacker and the Cybercrime Support Network]
Other cyber scams where children's data can be vulnerable
It is not just schools that are targeted, either. Just like adults, children are relying more and more on digital devices in their day-to-day lives.
Apps kids use, such as for gaming, learning, and chatting with their friends, can be a common source of breaches. Even when parents are protective and cautious about monitoring their child's online activities, there is little most people can do once hackers infiltrate private networks.
For instance, the Animal Jam game by WildWorks was breached in November 2020, and hackers stole data from more than 46 million accounts.
Securing online information is a community effort, and it takes cooperation on all sides.
With the rise in ransomware attacks on government and healthcare organizations, as well as schools, this will continue to be a significant challenge.
SecureWorld will explore this problem during multiple sessions at the SecureWorld Great Lakes virtual conference on September 23, 2021.