Data exploits vulnerable children

Black Market Hacker Service Rates

By: Tonya Mead, CFE, CHFI, PI, MBA, MA Educational Psychology

Did you hear about the data breach of information stored at the Alaska Office of Children’s Services today? The state divulged that personal information of “individuals who have interacted with the Alaska Office of Children’s Services” was accessed.

The fourfold purpose of the Children’s Services Division is to ensure:

  1. Safety
  2. Permanency
  3. Cultural Continuity, and
  4. Child and Family Well-being.
Yes, it sounds like bureaucratic speak. I did a little checking to find out exactly how many children and families may have been impacted by the data breach. I also wanted to dig deeper to figure out what types of information was obtained by hackers.  Here is what was found:
Almost 90,000 children living in Alaska are enrolled in Medicaid.  Another 10,182 children are enrolled in (CHIP), the state’s Children’s Health Insurance Program. Almost 15,000 children were referred to the state due to allegations of possible child abuse and neglect, After investigating the allegations; 2,898 were confirmed victims of abuse. The breakdown: “81.8% were neglected, 11.4% were physically abused, and 5.4% were sexually abused.”

An additional 2,658 were removed from nuclear family homes to out-of-home (group homes, foster care, residential treatment facilities) placement.

Regarding other supports, Alaska distributed almost $74 million to slightly more than 3,000 families each month for Temporary Assistance to Needy Families (TANF). And $12 million for the 19,682 women and children to receive the Supplemental Nutrition Program for Women, Infants and Children (WIC). 3,600 children each month received subsidized child care. 1, 593 children were enrolled in the state supported Head Start program. 2,320 state sponsored home visits were made to more than 184 families.

So why write this article?

I attended a briefing conducted by Secret Service Agents a few months ago and they stressed that criminals are targeting down line (small businesses and non-profits) rather than huge conglomerates and mutil-nationals for hacking. The firewalls and defense in depth systems are much more difficult to penetrate at these corporate entities than a small mom and pop, sole proprietorship operating on Main Street.

Similarly, it may prove much easier to hack a state-level social services governmental agency or division that has multiple routes for penetration, lots of data and minimal firewalls. The rationale for lax data security could be: “Hey, its not the state’s treasurers office or the tax assessors. It’s, the social services division, geez!”

Threat of Identity Theft is Real

As I have written in my book, application forms for aid and welfare support require the submission of confidential information (income, bank accounts, assets, child support payments).  Further, to receive support, benefit from home visits, education advocacy meetings and social service check-ins; phone numbers, emails, home addresses are routinely obtained, recorded, and stored.  Unbeknownst to some government workers, is the need to  prioritize data security. Even the data of society’s most vulnerable.

With all of the historical, generational family, educational, employment, distant relatives, civil and criminal, and contact information stored in the databases of social services agencies, there is little need to fabricate or build a new identity– just use what you’ve hacked. Now.  The information is so vast that a middle man is not needed to fill in the missing pieces. The data is good for the criminal from the get-go. Take a look at the attached Hacker Services price list provided by BankRate.  The rate for a full identity on the black market is $1,200 to $1,300.

As such, the potential for severe harm to our vulnerable population is considerable. According to the Identity Theft Center, criminals may “purposely target children [or those in need of social services] because of the often lengthy time between the fraudulent use of the child’s information and the discovery of the crime.”

Related articles

The threat of child identity theft is so severe that the Federal Trade Commission (FTC) provided information stating that, “a child’s social security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live…” The Federal Trade Commission (FTC) urges consumers to take immediate action if their child’s information is being misused.


In spite of the data breach, the State of Alaska should be commended for swiftly alerting the public. It is my hope that they too have alerted the victims so that they can take the appropriate counter measures on their own. Down on your luck temporarily does not mean that you’re permanently down for the count.

Tonya J. Mead, CFE, CHFI, PI, MBA, MA, Certified K-12 Administrator and School Psychologist is author of Fraud in Education: Beyond the Wrong Answer and president of Shared Knowledge, LLC