Follow-up: Data from the Toledo Public Schools attack by Maze reportedly being misused
In September, DataBreaches.net reported that Maze threat actors claimed to have attacked an Ohio public school district, but the district was not responding to inquiries from this site about the claims. One month later, this site named the district as Toledo Public Schools and reported that while Maze had dumped files with student and employee personal information, TPS was still ignoring inquiries from this site about the breach. To ensure that people in Toledo knew they were at risk, DataBreaches.net contacted local news outlets there who ran with the story.
Today, Shaun Hegarty of 13abc there contacted me to let me know that there have been reports of people trying to open car loans using the students’ information. Clearly, minors should not have credit reports, and should not be trying to take car loans. Shaun reports:
There is no kid at Harvard Elementary school who should have a car loan or a credit card but one parent we talked said someone is trying to open them up in his son’s name…. Here are some of the messages he’s received about his elementary schooler:
- The first one was for denial for a credit card.
- Another one happened when the child was denied for a car loan because it said the reason was because of his income ratio.
- One of the last ones was to have fixed electric rates.
- The family got a flier talking about the student’s Toledo Edison account and the gift card he could get by switching suppliers.
Read more on 13abc.
Parents in Toledo and around the country can make their lives a bit easier if they freeze their minor child’s credit until the child is old enough to use it. A credit freeze restricts access to your child’s credit file, making it harder for identity thieves to open new accounts in your child’s name. You can read the FTC’s FAQ on credit freezes, with directions on how to request one on the FTC’s site. When you apply for a credit freeze, be sure to tell the credit reporting agency that your child’s data were in a breach reported to law enforcement, and that that there has already been some evidence of attempts to misuse data from that breach.