By: Tonya Mead, CFE, CHFI, PI, MBA, MA Educational Psychology
Did you hear about the data breach of information stored at the Alaska Office of Children’s Services today? The state divulged that personal information of “individuals who have interacted with the Alaska Office of Children’s Services” was accessed.
The fourfold purpose of the Children’s Services Division is to ensure:
- Cultural Continuity, and
- Child and Family Well-being.
An additional 2,658 were removed from nuclear family homes to out-of-home (group homes, foster care, residential treatment facilities) placement.
Regarding other supports, Alaska distributed almost $74 million to slightly more than 3,000 families each month for Temporary Assistance to Needy Families (TANF). And $12 million for the 19,682 women and children to receive the Supplemental Nutrition Program for Women, Infants and Children (WIC). 3,600 children each month received subsidized child care. 1, 593 children were enrolled in the state supported Head Start program. 2,320 state sponsored home visits were made to more than 184 families.
So why write this article?
I attended a briefing conducted by Secret Service Agents a few months ago and they stressed that criminals are targeting down line (small businesses and non-profits) rather than huge conglomerates and mutil-nationals for hacking. The firewalls and defense in depth systems are much more difficult to penetrate at these corporate entities than a small mom and pop, sole proprietorship operating on Main Street.
Similarly, it may prove much easier to hack a state-level social services governmental agency or division that has multiple routes for penetration, lots of data and minimal firewalls. The rationale for lax data security could be: “Hey, its not the state’s treasurers office or the tax assessors. It’s, the social services division, geez!”
Threat of Identity Theft is Real
As I have written in my book, application forms for aid and welfare support require the submission of confidential information (income, bank accounts, assets, child support payments). Further, to receive support, benefit from home visits, education advocacy meetings and social service check-ins; phone numbers, emails, home addresses are routinely obtained, recorded, and stored. Unbeknownst to some government workers, is the need to prioritize data security. Even the data of society’s most vulnerable.
With all of the historical, generational family, educational, employment, distant relatives, civil and criminal, and contact information stored in the databases of social services agencies, there is little need to fabricate or build a new identity– just use what you’ve hacked. Now. The information is so vast that a middle man is not needed to fill in the missing pieces. The data is good for the criminal from the get-go. Take a look at the attached Hacker Services price list provided by BankRate. The rate for a full identity on the black market is $1,200 to $1,300.
As such, the potential for severe harm to our vulnerable population is considerable. According to the Identity Theft Center, criminals may “purposely target children [or those in need of social services] because of the often lengthy time between the fraudulent use of the child’s information and the discovery of the crime.”
- Post- Hack to prove enrollment
- Post- Cyber scammers target schools
- Post- Botnet grade in education- graph
- Post- Botnets and identity theft in education
- Post- WTF? CDI says don’t worry about threat in schools
- Presentation- The exploitation of minors to gain confidential information
- Post- Bank data for 40 million borrowers vulnerable
- Post- U.S. Department of Education earns D- FITARA Score
- Post- 23,000 student information hacked
The threat of child identity theft is so severe that the Federal Trade Commission (FTC) provided information stating that, “a child’s social security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live…” The Federal Trade Commission (FTC) urges consumers to take immediate action if their child’s information is being misused.
In spite of the data breach, the State of Alaska should be commended for swiftly alerting the public. It is my hope that they too have alerted the victims so that they can take the appropriate counter measures on their own. Down on your luck temporarily does not mean that you’re permanently down for the count.
Tonya J. Mead, CFE, CHFI, PI, MBA, MA, Certified K-12 Administrator and School Psychologist is author of Fraud in Education: Beyond the Wrong Answer and president of Shared Knowledge, LLC http://ishareknowledge.com