Organised Cyber-Crime Steals US Children’s IDs

However, data breaches aren’t the only way criminals get SSNs. A network of cyber-criminals has figured out how the Social Security Administration generates its numbers and is using that to come up with valid Social Security numbers around the time that a child is born. Because the first three digits of a Social Security number reference the region where the number is issued, it’s only the last six numbers that are really tied to identity, and those are issued in a predictable sequence.

This means that a child’s SSN can be stolen without any sort of data breach and that a fresh SSN can be tied to someone else’s name and address. That person can then use the new SSN to get credit or a new identity. The Social Security Administration is working on a plan to randomise Social Security numbers, and in the meantime is offering some guidelines to dealing with identity theft, including getting a new number.

Don’t give data that’s not required

There’s not a lot you can do about criminals who have cracked the SSN code, but you can prevent data breaches to some extent by not providing your SSN (or your child’s) when it’s not required. This means that even if your T-ball league asks for your child’s number, you don’t need to provide it. If someone or some organisation needs the number, or claims to, ask why they need it, how they will secure it, how they will destroy the information when it’s no longer needed and what they will do to prevent a data breach.

But what happens if someone does steal your child’s identity — or yours? In the case of your child, this discovery can happen at tax time when the IRS doesn’t issue the refund you expect or notifies you that your child has already filed his or her own return. Or sometimes you might hear from creditors.

But the best way Americans can find out is by getting an annual credit report for everyone in your family, every year. It’s free. It’s worth noting that your minor children shouldn’t have a report to request because they won’t have a credit file. If they do, it’s a red flag.

In the enterprise and round the world, the new effort by organised crime to steal the numbers belonging to children can have serious consequences. Your company may be hiring or giving credit to American citizens, and depends on Social Security numbers in these other financial transactions. Your organisation may also have to report wage information to the IRS. A surge in stolen numbers can have its own security implications for your company no matter how they’re used.