First VTech, Now Hello Kitty - How Vulnerable Are Our Kids To Hacking?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.techtimes.com/articles/118579/20151222/first-vtech-now-hello-kitty-how-vulnerable-are-our-kids-to-hacking.htm


The hack on VTech Holdings, Inc. in November and various Sanrio websites in
December are proving that kids are just as vulnerable to identity theft as
working adults; however, what some parents don't realize is that theft of
their children's identity may just be more valuable for hackers and more
detrimental for the future of their own kids.

As proven during the VTech and Sanrio hack, the people behind the data
breaches seem to see the potential of a "clean slate" that minors have and,
the younger the kids are, the longer identity thieves will have something
to milk. It's frightening really, especially for the kids who would grow up
to discover that they have already stacked up a huge amount of debt way
before they even had financial independence.

What makes children's identity so attractive?

Kids are practically a blank slate. They don't have historical data in
terms of medical, financial and legal records. Since parents take care of
pretty much everything as the child grows up, which means there is no
reason for the kids to have a credit history until they are adults, parents
have a usually more relaxed attitude and rarely think to check if something
is amiss.

Now combine that with the new technology that many kids are intent on
owning: smartphones, tablets and learning devices with online
accessibility. Software and apps connected to such devices, more often than
not, require you and your kids to provide information in their online
databases which anyone with a malicious intent and enough skill can
compromise. Take note that not all companies are able to provide the
necessary security and encryption.

If an adult looking into getting a "free ride" for a few days, months or,
worse, years, is able to obtain that clean slate and claim it as theirs,
they can start using your child's information to mask their own identities.
They wouldn't have much of a problem with getting caught too soon unless
the parent decides to check up on their child's record and discovers the
anomalous activity.

The affected child could wake up many years later as an adult prepared to
lead a responsible life only to find out they already have a bad credit
score and incurred a huge debt.

Who is ultimately responsible?

The current situation should remind parents that kids are very vulnerable
to identity theft and that, while companies should have more security
protocols to prevent data breaches, the role of both parents and children
must be taken into play to increase the security of the children.

Companies need to step up with providing tighter security against data
breaches. In such a case like VTech's hack, the company was too relaxed
when it came to securing what is supposed to be private information and
data encryption was not even applied. Especially when it comes to companies
offering learning devices with online access, just because the main clients
are children does not mean that security can be a little more relaxed
since, unlike adults, they can't quickly take legal action.

Companies should keep in mind that any personal information is already a
gold mine to anyone with malicious intent and children must be protected
from them. It's not only adults who earn money that are targeted and not
just retired people either. Even children's information can be used for
misdeeds and companies are partly responsible when these things happen,
especially if the information was leaked from its own database.

Parents and other adults also hold just as much responsibility as
companies. As the adult and another potential victim of identity theft, you
should know how much damage an identity theft poses so parents should
neither be too relaxed to not keep an eye on your children's credit score
nor afraid to step forward and request credit monitoring companies for
credit reports on behalf of your children. So what if nothing comes up and
you looked like a paranoid parent? In the end, you can rest easy knowing
that you took action and your child's financial future is still secure.

A child's innocence can also be taken advantage of and by "innocence" we
mean the way a child is not yet well-informed about the possible dangers of
providing information over the internet. Children would be honest and
provide complete information and parents would think kids may not be able
to wrap their head around "complex" concepts but this is not necessarily
the case nor the solution.

Prevention is, however, simpler than most parents perceive. Since children
have access to the internet, they should also be proactive when it comes to
protecting their own identities. Hence, children should be taught to check
in with a parent or guardian first before providing any personal
information online. If the children themselves know how to "think before
you click," then it creates a healthier mindset for them when it comes to
dealing with online matters, not just identity theft.

The government and some companies can offer support

The New York State has given parents the right to freeze their minor
child's credit reports. This is done through companies like Equifax,
Experian and TransUnion. The good news is that New York isn't alone on
this. Arizona, Delaware, Florida, Georgia, Illinois, Indiana, Iowa,
Louisiana, Maryland, Michigan, Montana, Nebraska, New York, Oregon, South
Carolina, Texas, Utah, Virginia and Wisconsin also require the three
companies to help parents create credit reports for their children and
quickly freeze it in the event that fraud is detected.

Still, prevention is better than cure

Just like the old saying goes, prevention is better than cure. The best
thing to really prevent identity theft from happening is to make sure that
both parents and children are not sloppy with their information. That is,
everyone should be more careful about their online behavior and what kind
of information they provide through the internet. Warn a child of the
possible dangers posting their identification cards can pose. It may be fun
in the beginning but it won't be fun when you find out you and your child
are already victims, especially when you had a chance to prevent it from
happening.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!