[Dataloss] Improper access to student PII granted, 60 mil exposed

Chris Walsh cwalsh at cwalsh.org
Tue Apr 17 16:27:32 UTC 2007


Report: Lenders illicitly accessing student database
Published: 2007-04-16

A database containing the personal and financial details of nearly 60 million students had repeatedly been accessed by some lending companies in ways the violated federal privacy laws, the Washington Post reported on Sunday.

According to the article, the database contains everything needed to steal a person's identity, including students' names, Social Security numbers, addresses, phone numbers, birth dates and phone numbers as well as information on loan balances. Some lending companies have apparently given unauthorized users, such as marketing companies, access to the information in the database on a regular basis, according to the Post's article.

"We are just in shock that student data could be compromised like this," Nancy Hoover, director of financial aid at Denison University, told the Washington Post.

The revelation comes as some lending companies and schools are under fire for improper relationships. At least three financial aid directors at various schools have resigned positions or been put on administrative leave after ties with student-lending firm Student Loan Xpress were uncovered. The possible improper access of a database on 60 million students puts the breach in the same category as the repeated breaches of retail giant TJX that led to the leak of at least 46.5 million credit-card numbers and the attack on CardSystems Solutions that resulted in the possible compromise of some 40 million credit-card numbers.

Officials at the U.S. Department of Education are mulling a possible shut down of the database system while access policies and security are tightened, according to the Post.

[http://www.securityfocus.com/brief/484]


More information about the Dataloss mailing list