A new report from Javelin Strategy & Research says that in 2017, more than 1 million children in the United States were victims of identity theft, resulting in $2.6 billion in losses. Families paid an estimated $540 million in out-of-pocket costs because of the fraud.

Kids are establishing online footprints earlier and earlier, which helps identity thieves gain access to their information. Digitization of school and medical records assists as well.

Children’s identities are worth more on the black market, making them an especially alluring target for thieves.

“In the hacker community, children’s data is so much more valuable than adult data when you’re trying to create new identities,” says Hemu Nigam, founder of SSP Blue, an Internet security consultant business and former VP of internet enforcement at the MPAA. “Because there’s no existing record, a hacker can create a credit card application using legitimate information and the child and parent won’t know it happened until the child becomes of adult age — and by that time, they have an awful credit score and don’t know what’s going on.”

Parents are warned to regularly contact credit reporting companies once or twice per year to inquire if there is a file with their child’s name. If so, it could indicate a security issue. It’s not a bad idea to freeze your child’s credit if abnormal activity is detected. Since they have no need to access it at this point, there’s little to no downside — and it protects them from starting off life with a black financial mark against them.