Recently, I received a letter in the mail from a company about a data breach.
The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled (what we know as ransomware). The attacker had also accessed sensitive files and customer health data.
Sadly, this is a pretty normal occurrence these days. However, this time it wasn’t my own data that was stolen. It was my 9-year-old’s health data, stemming from a breach at the medical company that provides her wheelchair.
She didn’t fill in her details to a phishing site. She didn’t download malware. She doesn’t even have an email account. Yet her data had already been stolen.
The data included her name, date of birth, Social Security Number, medical documentation, insurance information, and more.
And this isn’t the first time. She’d actually already had her data stolen three times before her 10th birthday.
There isn’t anything we could have done differently in this situation. If you don’t use a service anymore, you can ask the organization to delete your personal information. However, in the case of medical companies—who have access to your most sensitive data—you can’t easily change providers, and they often need to store your data for longer for compliance reasons.
However, there are things you can do to prevent identity theft happening in general, some even after your kids’ data has been taken in a breach like this.
How to protect your kids from identity theft
- Freeze your child’s credit report: You need to do this at all three major credit bureaus (Equifax, Experian, and Transunion), and it’s free to do. Freezing restricts access to your child’s credit report, and means fraudsters cannot use your child’s identity to get credit.
- Use fake data wherever you can: In some places, like medical facilities, you do need to use your child’s real data. But whenever you’re signing up for something less official, try using dummy data.
- Review privacy settings on apps your kids use: Keep things as private as you can. For example, don’t use their photo for profile pictures, remove statuses that let others know when they’re online, set as much as possible to “private,” and give the least amount of personally identifiable information (eg. home address, phone number, etc) as you can.
- Squat on their digital assets: Buy their domain name, create emails for them, and sign up for key platforms. Then lock all these accounts down with strong, unique passwords and two-factor authentication, and set them to private or inactive.
- Keep your devices updated and use security software: Infostealers are a type of malware that steal data from your device. This data can then be sold on the dark web to identity thieves.
- Talk to your kids about digital safety: Make sure they know how to set strong passwords, what dangers to look out for online, and how to stay safe.
- Set up identity monitoring: This alerts you if you or your family’s information is being traded online, and helps you recover afterwards.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.