Ransomware attacks on school districts have led to identity theft and data leakage. The victims include millions of students.
And apparently nothing can be done. Because, yes, schools require children’s social security numbers. And, yes, our stupid financial institutions still use SSNs as identifiers—despite the federal government telling them not to.
The world has gone to hell in a handbasket. In today’s SB Blogwatch, we go off grid and run for the hills.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Cyriak hates Adobe AF.
What’s the craic? Kevin Collier peacocks this colorful report—“Hackers are leaking children’s data — and there’s little parents can do”:
A credit card and a car loan”
Most don’t have bank passwords. Few have credit scores yet. And still, parts of the internet are awash in the personal information of millions of schoolchildren. … The recent rise in ransomware has escalated the problem.
NBC News collected and analyzed school files from … hackers’ sites … and found they’re littered with personal information of children. … Some schools contacted about the leaks appeared unaware of the problem.
For more than a decade, schools have been a regular target for hackers who traffic in people’s data, which they usually bundle and sell to identity thieves. [For example] just a few months after Toledo Public Schools in Ohio was hit by ransomware … someone who had that information had started trying to take out a credit card and a car loan in [an] elementary school-aged son’s name.
And Mitchell Clark has been there; done that—“Cyberattacks on schools put children’s SSNs, birthdays, and more on the dark web”:
I know firsthand the hell that can come from having your credit wrecked before you even get out of high school. … I wouldn’t wish it on anyone.
Ransomware has been a hot-button topic in 2021 due to its impact on critical infrastructure, hospitals, and computer manufacturers. However, a recent report from NBC News may be one of the more heartbreaking accounts of the effects hackers can have.
It’s hard even to comprehend how it could affect a student’s social life if their grades, medical info, or free or reduced-price lunch benefit status leaked online. What’s easier to understand is the impact of having their SSNs, birthdays, and names sold to unscrupulous people.
The report mentions that 1,200 schools’ info had been published by ransomware attackers this year. [Many] aren’t up to the task of keeping that data safe — though doing so is easier said than done.
Are you surprised? It’s no surprise to self-confessed “uppity Brit,” Stella—@RisuToInu:
Your child, or one you know”
I did a Black Hat talk on this in 2020 and, OMG, the stuff I saw as an education [data protection officer]. Schools signing families up to platforms they never even use or are aware have their data.
I guarantee your child, or one you know, has data shared on them without consent.
When did they start collecting social security numbers? SmallDongRising drives slowly past frozen roadworks:
Your tax dollars at work”
I’m old enough to remember when they used to post class schedules in the cafeteria (this was around 1996) with student ID numbers, birth dates, and SSNs. Even back then I complained. I was told I was paranoid.
Your tax dollars at work.
Yes but why SSNs? dot. recalls their experience:
My how far we’ve come! I unknowingly learned my SSN in 7th grade because it was my student ID # (sans dashes), which we were required to label on all assignments.
And April—@speakout_april—exhorts a federal agency to action:
This has happened twice at my daughter’s high school in Fairfax County, Va!! It should be a bigger/national story, FBI.
Perhaps you share this opinion? MrL0G1C questions the hackers’ parentage:
You’ve got to be a really sad little ****ing scumbag to do this. … And the authorities who turn a blind eye: sad ****ers too.
Old school hacking now looks tame by comparison. … Bastards.
People outside the U.S. don’t understand the significance. People like merlotisred, for example:
The problem is in how these numbers are used”
I always struggle to understand the significance of the Social Security Number. Whenever these stories come up, the implied threat is that knowing someone’s SSN gives you control over their financial security, their ID, everything. Which seems bizarre.
Surely the SSN is just a unique ID number, not a key to the vault? … It’s like everybody has a name, and the names are unique, and you can know somebody’s name. It’s is a pointer to a unique individual.
If knowing a SSN is enough to hack a person’s identity then the problem is in how these numbers are used. It is folly if a … proxy for your name, is enough to compromise your security. … It’s like someone comes into the bank, introduces themselves as John Smith, and is given access to John Smith’s finances.
Meanwhile, jmccue is old:
I remember when SSN was not a requirement for school. … The gov should have strictly enforced the clause “not to be used for identification purposes.”
BTW, you are on my lawn.
Proof (if proof were needed) that Cyriak Harris is a warped genius
Previously in And Finally
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Denisse Leon (via Unsplash)