The US Department of Education's Free Application for Federal Student Aid program requires any student applying for federal aid for college or university to turn over an enormous amount of compromising personal information, including current and previous addresses, driver's license numbers, Green Card numbers, marital details, drug convictions, educational history, tax return details, total cash/savings/checking balances, net worth of all investments, child support received, veterans' benefits, children's details, homelessness status, parents details including SSNs, and much, much more.
If you have the Social Security Number, data of birth, and full name of anyone who's applied for college grants or loans, you can then feed it into the Free Application for Federal Student Aid website and it will show you all this data.
20,000,000 people have their data in this database.
Equifax and several other services have breached the Social Security Numbers of millions of Americans. The going price for a person's SSN on the darkweb is $4-5.
What indications are there that ID thieves might already be aware of this personal data treasure trove? In March 2017, the Internal Revenue Service (IRS) disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid — citing evidence that identity thieves were abusing it to siphon data used to commit tax refund fraud with the IRS.The IRS found that identity thieves were abusing the automated tool — which pulled data directly from the FAFSA Web site — in order to learn the adjusted gross income (AGI) of applicant families. The AGI is crucial to successfully filing a tax refund request in someone’s name at the IRS.
While the IRS’s tool is no longer online, this post shows how easy it remains for identity thieves to gather this same information directly from the FAFSA Web site.
Think it’s hard to find someone’s SSN and DOB? Think again. There are a multitude of Web sites on the open Internet and Dark Web alike that sell access to SSN and DOB data on hundreds of millions of Americans — all for the price of about $4-5 worth of Bitcoin.
Name+DOB+SSN=FAFSA Data Gold Mine
[Brian Krebs/Krebs on Security]