BreachExchange mailing list archives

Improper access to student PII granted, 60 mil exposed


From: Chris Walsh <cwalsh () cwalsh org>
Date: Tue, 17 Apr 2007 11:27:32 -0500

Report: Lenders illicitly accessing student database
Published: 2007-04-16

A database containing the personal and financial details of nearly 60 million students had repeatedly been accessed by 
some lending companies in ways that violated federal privacy laws, the Washington Post reported on Sunday.

According to the article, the database contains everything needed to steal a person's identity, including students' 
names, Social Security numbers, addresses, phone numbers, birth dates and phone numbers as well as information on loan 
balances. Some lending companies have apparently given unauthorized users, such as marketing companies, access to the 
information in the database on a regular basis, according to the Post's article.

"We are just in shock that student data could be compromised like this," Nancy Hoover, director of financial aid at 
Denison University, told the Washington Post.

The revelation comes as some lending companies and schools are under fire for improper relationships. At least three 
financial aid directors at various schools have resigned positions or been put on administrative leave after ties with 
student-lending firm Student Loan Xpress were uncovered. The possible improper access of a database on 60 million 
students puts the breach in the same category as the repeated breaches of retail giant TJX that led to the leak of at 
least 46.5 million credit-card numbers and the attack on CardSystems Solutions that resulted in the possible compromise 
of some 40 million credit-card numbers.

Officials at the U.S. Department of Education are mulling a possible shutdown of the database system while access 
policies and security are tightened, according to the Post.

[http://www.securityfocus.com/brief/484]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 620 incidents over 7 years.

