Your infant's personal info is being sold on the Dark Web! Why? Because they have the perfect credit score

Cybercriminals are selling the Social Security numbers of babies on the dark web, enabling crimes such as credit card frauds


                            Your infant's personal info is being sold on the Dark Web! Why? Because they have the perfect credit score
(Source:Getty Images)

The dark web now has the personal information of babies on sale — something that has been sought after for years by cybercriminals.

Nowadays, a social security number is assigned to a child as soon as he or she is born. Owing to the fact that children never make any purchases until adulthood, they usually have a "perfect" credit history — a markedly valuable asset.

These days, hackers are selling information on these baby SSNs to prospective buyers with a complete "how to" guide, explaining how they can escape the law by if they file fraudulent tax records on the baby's account, receive government benefits, or even apply for a credit card without any hitches.  

CNN reported in January that the cost for acquiring the information was $300 worth of bitcoin for each baby's data set.

This is a huge problem for the child who is being targeted. Years after fraudulent use, as the child grows up, they would eventually discover that they have been hacked, and it will become extremely difficult to undo any credit history problems or illegitimate purchases made on their name.

In a conversation with Fox News, hacking experts confirmed that the said technique used by hackers actually works.

Leon Lerman, the CEO of Cynerio, a healthcare security company based in New York, said, “From what our researchers have seen, there is an elaborate marketplace on the Dark Web where the stolen data is distributed through channels to end users.

“The hackers, who at the top of the black market value chain, sell raw patient data in bulk,” he said.

However, according to Lerman, educating parents would not help in this case. As with most security risks, the best way to avoid such problems in the future is to withhold personal information as much as possible, until it is an absolute must. That being said, Lerman advises that it is essential for parents to register the child's new SSN.

Researchers at Terbium Labs, a dark web intelligence firm, were one of the first to discover the listing for infant data online. The company's director of analysis, Emily Wilson, was surprised at the cost and age of the reported victims.

The firm had found child data on sale before, but this was the first time that data on infants was up for sale to prospective cybercriminals. "It's unusual to have information specifically marked as belonging to children or to infants on these markets," Wilson said.

Interestingly, the rate of child identity theft is 51 times higher than for adults, whose data sets sell for $10 to $25 on dark web markets, according to a 2011 report from Carnegie Mellon University's CyLab.

One of the major problems with hacked data when it comes to young children is that it can be combined with other data, says Ron Schlect, a managing partner at BTB Security. For instance, the hacker would be able to build a credit record using a fake name and address as long as the SSN and date of birth data are genuine. According to him, attempts to apply for credit cards that are denied also build up the bad history.

“It’s a type of fraud that combined real information with fake information,” he said.

Having said that, the problem has reached a point where the youngest generations would be comfortable in assuming that their data has been compromised by the time they reach the age to buy a car, obtain a new mortgage, or a new credit card, according to Mounir Hahad, the head of threat research at Juniper Networks.

“It’s no longer a matter of protecting against theft, but instead protecting ourselves against the fallout,” he explained.

Another problem, according to the chief consumer security evangelist at McAfee, Gary Davis, is that parents will not check if there's been a security breach of data of their children for several years, mostly due to lack of understanding about the gravity of the issue. If that happens, as it does in most cases, the theft is "safe" on the Dark Web for any prospective buyer unless the parents make it a point to check the linked credit history on a regular basis.

“Depending on how extensively the information has been abused, it could take the child years to remediate and get their identity and reputation restored,” says Davis. “In extreme cases, they may need to get a new social security number.”

There could be one simple solution to the said loophole, according to business expert and author Aaron Young, who says that parents should make a calculated decision every time they have to give out private information on their children, whether it is absolutely necessary for them to share the data.

“Pay attention to who you allow to have your children’s identifying information,” he says. “Why does the doctor need that? Why does the school need that?”

A former reporter who now works for a large tech firm, Christina Warren, claims she started receiving credit card bills at the age of 12. Her parents had to convince the credit card company that her identity had been stolen after collection notices piled up to a point.

While credit reporting agencies claimed to have fixed the issue, Warren found it difficult to obtain her first credit card due to 'her' bad history.

"It was a massive headache," Warren told CNN Tech in January. "I didn't realize until six years later that it was still ongoing."

Warren and her parents were eventually able to straighten out the issue after several phone calls and document verifications.

She advised that as identity theft victims may be asked to prove if their situation was sorted, they must maintain proper records of the resolution. "[One thing I learned is to] keep documentation and paperwork for everything," Warren said.