Last week, the personal data of employees and students in a Las Vegas public school district with about 320,000 students was made public after the district refused to pay a hacker’s ransom. The released documents contained Clark County Public School District personnel and student records, Social Security numbers, addresses, grades and other private information stolen in an August 27 ransomware attack.
School officials and law enforcement are reportedly investigating the incident, which involves the largest district victimized to date in a broader trend1 of cyberattacks against schools. More than 5.6 million attacks on American school districts occurred in the last month alone, according to Microsoft.2 The new school year has already been disrupted by breaches in both the U.S.3 and Canada,4 where many students are learning online during the pandemic.
As well as potentially several hundred thousand in ransom, a data breach at a U.S. educational institution carries a cost of $3.9 million according to the IBM Security 2020 cost of a data breach study. Forensic investigations may be needed to identify the source of the breach, essential business operations could be disrupted, and substantial mitigation expenses and legal fees can be incurred. Schools’ current financial struggles notwithstanding, Cyber and Privacy Insurance is an essential investment.
Fortunately, Cyber and Privacy Insurance provides a tremendous return on that investment, assisting K-12 and colleges in strengthening their cyber protocols as well as paying for costs following a cyberattack.
Ransomware attacks on school systems represent just one of many ways that hackers can access personal information, highlighting individuals’ growing need for personal cyber protection. During October’s National Cybersecurity Awareness Month, an initiative by the U.S. Department of Homeland Security to boost cybersecurity education and awareness, parents are being encouraged to consider the security of their family’s private data.
Families’ digital safety requires continual monitoring
“We are in an age where it is impossible to not have a digital identity for your child and it starts at birth,” said Neil Gurnhill, CEO, Node International, London, England. “Cases such as the one in Las Vegas are becoming more common. You and your loved ones’ digital identities are now regularly falling into the hands of criminals through no fault of your own.”
The unfortunate reality is that many, if not most of us, have had our private information compromised. Names, addresses, Social Security numbers, login information — this information is widely available for sale on the dark web.
“The unfortunate reality is that many, if not most of us, have had our private information compromised,” said Bill Gatewood, Corporate Senior Vice President, National Personal Insurance Practice Leader, Burns & Wilcox, Detroit/Farmington Hills, Michigan. “Names, addresses, Social Security numbers, login information — this information is widely available for sale on the dark web.”
The likelihood that your information has been exposed is the unfortunate consequence of massive data breaches5 that have affected most major retailers in recent years, Gatewood said. Paired with the average individual’s ever-expanding digital footprint, increasingly common and sophisticated attacks mean consumers must be vigilant to protect themselves.
Cyberman365, a new product line offered by Burns & Wilcox through a partnership with Node International, provides personal cyber protection for the entire household, including individuals, children and home network devices. It includes identity restoration support in addition to 24-hour monitoring of the dark web, credit reports, social media, court records and bank accounts.
Monitoring is important even in families with young children, whose identity could be used fraudulently for years without their parents’ knowledge. “We are not in the habit of running credit reports on our children,” said Gatewood. “However, when a child’s Social Security number is leaked, criminals can use it to establish lines of credit in that child’s name and the fraud can go undetected for years.”
As ransomware attacks rise among educational institutions and health care organizations,6 families also risk their children’s data being released over free, easily accessible apps and online games. Google removed 17 Android apps7 infected with malware from the Play Store last week—after the apps had already been downloaded more than 120,000 times. The spyware identified was designed to steal text messages, contact lists and other information.
“Users do not know what these apps are doing in the background on their devices. When an app is free, nine times out of 10 its users become the product,” Gurnhill explained. “It is very easy to put malware on apps and families with young children, who have a habit of carelessly clicking on things online, are more likely to download viruses.”
With children’s data inevitably being stored by—at minimum—government agencies and schools, being proactive is parents’ best defense. “With each family member’s digital footprint comes huge risk,” Gurnhill said. “It is impossible to opt out of everything, so we have to take advantage of solutions like Cyberman365 that are expressly designed to safeguard our digital well-being.”
Resolving identity theft can be costly, time-consuming
In 2019, the U.S. Federal Trade Commission received more than 3.2 million reports of fraud and other complaints, including 650,572 identity theft reports,8 and Americans lost more than $1.9 billion to fraud.9 Canadians lost $21.2 million10 to identity theft in 2018, up from $11.7 million in losses in 2017.
Even when a case of identity theft is discovered early, resolving it can be a challenge.
“Victims of identity theft have had bank accounts drained,” Gatewood said. “While ultimately they are not held responsible for replacing those funds, it takes months of effort to achieve that resolution. It is very stressful, emotionally draining, and takes time away from work.”
“The costs of identity theft recovery can be broad,” Gurnhill said. “Victims may have to travel to prove their identity, and there are costs involved with securing documentation or reissuing passports. Sometimes banks fail to help victims of fraud recover their money. Having access to risk mitigation services that provide robust financial protection in the event of a fraudulent transaction is paramount.”
Fraud involving government programs like unemployment compensation can be especially devastating for victims. A woman in California recently had her disability payments disrupted over a fake unemployment claim filed in her name;11 her case is one example of many amid a spike in unemployment fraud in the U.S.12 Similar cases have been reported in Canada.13
Being able to provide victims with access to a remediation center for assistance is a major benefit. Recovering from identity theft can be overwhelming.
“Victims may not find out that their identities have been exploited until years after the fact, and then they have to prove that they were victims and not responsible for expenses or damages,” Gatewood explained. “Doing that takes a significant amount of time, and involves a tremendous amount of red tape. Being able to provide victims with access to a remediation center for assistance is a major benefit. Recovering from identity theft can be overwhelming.”
Child safety and ‘a new age of risk’
Sadly, the consequences of a cyber breach are too often not limited to financial losses. Children can be at risk for emotional or even physical harm if their private information falls into the wrong hands, Gatewood emphasized, citing a December incident involving a breached Ring video camera located in a child’s bedroom.14 Most recently, a young Michigan girl was coerced into sending images of herself to a 48-year-old registered sex offender in Kansas.15 The girl reportedly communicated with the man on the game Roblox and sent images in exchange for online currency in the game.
“Kids are truly at risk for potentially irreparable harm,” Gatewood said.
While families lock their doors at night and utilize home alarms, many remain unaware of how to secure their wireless networks and other digital devices.
Addressing a household’s cyber risk does not mean avoiding video games, apps or other popular activities, which can provide a positive outlet during an otherwise socially isolated time. “Parents who are aware of the risks and discuss online safety with their children are the best safeguard against cyber victimization,” said Gurnhill.
Additionally, families can take simple steps to secure their home networks like changing the default router password to one that is strong and unique. Wireless networks are a common source of breaches because the systems are often easy to penetrate. “Default router passwords and information on where certain routers are located in a neighborhood can be purchased online,” Gatewood pointed out. With the default password for a particular brand of router, hackers can access a WiFi network and hack personal computers, phones, TVs, tablets, sprinkler systems, doorbells, kids’ gaming consoles—all of a household’s devices.
“With everyone working and learning remotely, hardening home networks is more important than ever,” Gatewood said. “Most cyberattacks are crimes of opportunity. A home network does not need to be impenetrable to discourage a hacker.”
Identity theft and other types of fraud continue to increase amid the COVID-19 pandemic,16 making solutions like Cyberman365 essential. “With the rapid expansion of the digital world comes a new age of risk. Our personal data is the criminal’s new gold; they want to get it at all costs, and governments, banks and regulatory bodies simply are not doing the best job at protecting it,” Gurnhill said.
“We need to protect our personal data the same way we protect our homes, vehicles and our families’ physical health,” Gatewood stressed. “Personal cybersecurity should be in the same category as the rest of our personal risk management and loss prevention practices.”
1 Gordon, Brian. “Rise of ransomware attacks on NC schools hinder virtual learning.” Citizen Times, August 28, 2020. 2 Quealy, Benjamin. “School districts most vulnerable, targeted organizations of cyber attacks.” Traverse City Record Eagle, September 23, 2020. 3 Ali, Safia Samee. “Miami-Dade Public Schools' remote learning platform endures days of cyberattacks.” NBC News, September 2, 2020. 4 Coughlan, Sean. “Cyber threat to disrupt start of university term.” BBC News, September 17, 2020. 5 Swinhoe, Dan. “The 15 biggest data breaches of the 21st century.” CSO, IDG Communications, Inc., April 17, 2020. 6 “2020 Breach Barometer.” Protenus, 2020. 7 Cimpanu, Catalin. “Google removes 17 Android apps caught engaging in WAP billing fraud.” ZDNet, September 27, 2020. 8 Federal Trade Commission. “Consumer Sentinel Network: Data Book 2019,” January 2020. 9 Federal Trade Commission. “New FTC Data Shows that the FTC Received Nearly 1.7 Million Fraud Reports, and FTC Lawsuits Returned $232 Million to Consumers in 2019.” January 23, 2020. 10 Borzykowski, Bryan. “4 things you need to know about identity theft right now.” Chartered Professional Accountants Canada, March 14, 2019. 11 Finney, Michael. “Northern California woman watches via text as scammer drains EDD benefits.” ABC7 Los Angeles. KABC, September 25, 2020. 12 Federal Bureau of Investigation. “FBI Sees Spike in Fraudulent Unemployment Insurance Claims Filed Using Stolen Identities.” July 6, 2020. 13 Brockbank, Nicole. “Toronto woman's CERB payments on hold after fraudster makes EI claim in her name.” CBC News, August 4, 2020. 14 Chiu, Allyson. “She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.” Washington Post, December 12, 2019. 15 “Man arrested for inappropriate relationship with 8-year-old Bloomfield Twp. Girl through Roblox.” ABC7 Detroit. WXYZ, September 24, 2020. 16 Cohn, Michael. “Fraud on the rise during coronavirus pandemic.” Accounting Today. September 11, 2020.