New Data Reveals Growing Child Identity Theft Epidemic

By Michelle Dennedy

What does the new CyLab Carnegie Mellon research add to our knowledge and understanding of this issue?  What are the implications of this new data?

On April 1, 2011, CyLab Carnegie Mellon published the largest-ever study on child identity theft, analyzing 42,000 kids over a one-year period.  The results are shocking – identity thieves are targeting children 51 times more than adults.

The Child ID study is frightening enough—I actually think the sample of people we have available for study is quite interesting.

Admittedly, the data we have originated with one company in the business of data breach repair and not the population at large.

On the other hand, the children’s *data* was actually examined and compared and searched in database after database.  The Carnegie Mellon study was not based on opinion data or polling or poor official reporting through police records—as we now know based on this data, many of these crimes either go unreported, or parents are discouraged from creating an official report where the parent cannot prove that a large degree of financial or physical harm has been done to the child.  Resources, after all, are tight everywhere, including the various law enforcement groups.

Here’s how I look at this data:  We begin with the origin of the data—a company reputable enough to offer ID theft protections to its customers.  Only roughly 10% of customers offered ID protection take advantage of these offers, so we have now narrowed the pool by 90% of those not motivated enough to seek protection even where it is free.  Of those consumers, out of a million records, only ~40,000 were those of children—most parents apparently don’t think to include the kids in the protection.

Bottom line, the data is likely primarily from educated, aware and careful families.  I have to just wonder what the overall ratio of Child to Adult theft would be if there was a less careful sample.  I have a terrible feeling that a population-wide occurrence of Child ID theft may actually be higher than 50x that of Adult theft.

What are the implications of this new data?

This is a startling and jarring topic for most people—including me.  We have worked hard to protect ourselves and accept that security breaches are a side effect of a networked and non-face-to-face authenticated economy.  We feel like we can fend for ourselves.

We are shocked to learn that we have failed to protect our own kids—our most wonderful and life-affirming crazy little kiddos.  We are more shocked that, while we felt responsible enough to have these kids, we had no clue our kids could be compromised in this fashion.  We know better now.  We can take action now and never feel this naive again—about this topic anyway.

The Carnegie Mellon study, the ease of access to child data in general, the glib brush-off of privacy protections by powerful business leaders, and the intriguing but complex problem of authentication as access to goods, services and reputation should give us, as a society, great pause.

What if the study statistics are correct or even partially correct?  Could it be that our social security numbers for our future generation may already be incorrect, imprecise or just actively wrong?

The social ID number in the US and Canada and in many other places serves as a National ID.  The number opens the door to healthcare and identifies insured or uninsured patients.  The number welcomes new students into our public schools.  The number is tightly integrated with the mechanisms that tell merchants who is who and who can pay for the goods and services on offer.  The number allows the Department of Motor Vehicles to attach a driver’s license to a person with a picture.

What if those numbers were no longer reliable because every year after this year where we had some pretty darn good evidence of at least 10% false data, we added MORE bad data?  What if we knew that watching our kids and teaching them to be safe and helping merchants and policy makers was the answer?  What if we did nothing?

The impact is significant for our kids; the study gives us a first good, large-sample-size look at real data; the solutions are up to us.

What would you do if you knew you could do the right thing?  Would you?  Will you?  I hope so.


Michelle Dennedy was America’s first Chief Privacy Officer, for Sun Microsystems. When Michelle’s own daughter’s identity was attacked, she vowed that she would never let it happen again. Michelle is now the Editor-in-Chief of The Identity Project, which is sponsored by AllClearID. AllClearID will monitor your child’s identity, notify you securely if it has been compromised, and repair and restore it – at no cost to you.