Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for September 10th, 2021. Each week we take a look at the most recent events and trends related to data security and privacy. This week, we’re going to talk about a data breach involving children and the special risks that are created when a child’s personal information is exposed.

Show Notes

Our podcast today is possible thanks to support from Experian and Abine. Make sure to subscribe for future podcast episodes!

Follow on LinkedIn

Follow on Twitter

Show Transcript

The Weekly Breach Breakdown Podcast by ITRC - Everything's Bigger In Texas

Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for September 10th, 2021. Our podcast today is possible thanks to support from Experian.

Each week we take a look at the most recent events and trends related to data security and privacy. For the past two weeks, we’ve concentrated on what happens when you receive a notice that your personal information has been compromised. This week, we’re going to talk about a data breach involving children and the special risks that are created when a child’s personal information is exposed.

When you grow up in the southern US as I did, you learn very quickly that the saying…”Everything’s bigger in Texas”…is absolutely true. The Lone Star state is twice the size of Germany. Texans eat 54,000 tons of catfish each year…that’s 6 times the weight of the Eiffel Tower. And, there are high school football stadiums in Texas that seat more than 19,000 people…enough to fit the entire population of three average-size US cities.

This week, the Dallas Texas Independent School district has earned a different distinction…the target of a significant data breach.

More than 145,000 students attend 230 schools across the district that employs 22,000 people. That doesn’t include independent contractors and vendors who also serve the Dallas schools.

School officials announced late on Friday before Labor Day that an “unauthorized third-party” had accessed, downloaded, and stored personal information on a cloud data storage site. The stolen data included information on current and former students and their parents as well as current and former employees and contractors – dating back to 2010. 

The compromised information includes full names, addresses, social security numbers, phone numbers, dates of birth, and employment & salary info for current and former employees and contractors.

For current and former students, the breached data includes full names, social security numbers, dates of birth, parent and guardian info, and grades. 

According to the school district, some students’ custody status and medical conditions may also have been exposed.

As is typical in the early days of data breaches, there are a lot of unknowns and a lot of reluctance to share information about what happened. The Dallas school district has hired forensic investigators to determine how the cybercriminals gained access to the student, parent, and employee information – but little is known so far.

School officials are not calling this a ransomware attack, but they acknowledge the District has communicated with the data thieves who claim the information has not been sold or shared but has been removed from the cloud database. Ransomware attacks against schools have dramatically increased as students return for the new school year. One cybersecurity firm reports seeing more than 1,700 attacks against schools around the world each week in July.

The Dallas School District is offering credit monitoring and ID theft recovery services for one year and the ITRC always recommends data breach victims take advantage of those offers. But, the release of student information is especially troubling as criminals who take control of a young person’s identity can cause significant harm over time.

Imagine a high school student applying for college and being denied financial aid or admission because someone had used their social security number to report income or obtain credit. An ID thief can abuse a student’s stolen information for years before the parents or child learn of the crime. 

It’s important for parents to not only freeze their own credit but to freeze their children’s credit, too. That won’t prevent your child’s information from being exposed in a data breach, but it will keep a cybercriminal from using the information to ruin your child’s credit and perhaps their education and work opportunities when they grow up.

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours. Just visit idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Listen next week as we talk about credit freezes with the founder of Frozen Pii on our sister podcast, the Fraudian Slip and we’ll be back in two weeks with another episode of the Weekly Breach Breachdown.