The U.S. Department of Education (ED) said Aug. 23 that it would arrange for free credit monitoring for as many as 32,000 student-loan recipients after their personal data appeared accidentally on its web site.
Terri Shaw, the department’s chief operating officer for federal student aid, said that the people involved are holders of federal direct student loans who used the department’s loan web site between Aug. 21 and Aug. 23.
The breach is the latest in a string of data thefts and security breaches affecting several federal agencies in recent months, including the Department of Veterans Affairs, which reported in May that a laptop computer containing the records of some 26 million veterans was stolen. The computer was recovered the following month, and no identity thefts have been reported as a result of the incident.
ED officials attributed the student-loan breach to a routine software upgrade, conducted by contractor Affiliated Computer Services Inc. (ACS), that mixed up data for different borrowers when users accessed the web site. Since Aug. 21, 26 borrowers have complained.
“We’re not pleased, and we take this incident very seriously,” Shaw said. “We’ve asked ACS to determine how this glitch was missed in the testing process, so we can make sure we fill that gap.” She said the people affected will be contacted by the department by letter and offered free credit monitoring by ACS.
Holders of federal direct student loans can manage their accounts at ED’s web site. Other types of student loans are managed through private companies.
A Boston lawyer, Nancy Newark, told the Boston Globe she went to the web site Aug. 22 to change the phone number on her account, and when she clicked “update” she saw someone else’s Social Security number, date of birth, and other personal information. She said she clicked three more times and each time got a new person’s personal information.
“How many opportunities were there for how many individuals to be provided with my information?” she said.
An ED spokeswoman said about 6.4 million people have loans in the program, but she did not know how many use the online system.
Joe Barrett, a spokesman for ACS, the Dallas-based contractor that maintains the software that caused the problem, said no identity theft had occurred as of press time.
“If it does, ACS will correct it and work with authorities to prosecute,” he said.