Education data breach puts 21,000 student loan borrowers at risk

Student loan holders logging on to an Education Department Web site between Sunday night and Tuesday morning exposed their personal identities to others as a result of a glitch in a contractor's efforts to service the site.

As first reported in the Boston Globe Wednesday, as many as 21,000 borrowers in the Federal Direct Student Loan Program could have had their personal data, including Social Security numbers, birthdates and addresses, compromised in yet another government agency data breach.

This incident follows a string of publicized breaches governmentwide, affecting information systems in more than a dozen federal agencies.

Dallas-based Affiliated Computer Services Inc. was performing a software upgrade on the Federal Student Aid Web site when the glitch occurred, an Education Department spokeswoman said. From around 9 p.m. Sunday until 10:15 a.m. Tuesday, users performing a certain task on the Web site would see the personal information of the last person who tried to complete the same task, officials said.

The Web site was partially shut down Monday and another part was shut down Tuesday, according to the spokeswoman.

ACS is offering free credit monitoring for a minimum of one year to all affected students, according to Education's spokeswoman. As of Wednesday, 26 people had contracted the department.

The spokeswoman noted that the 21,000 affected loan borrowers represent less than one-half of 1 percent of the 6.4 million people who have loans through the program.

ACS did not respond to requests for comment, but a spokesman for the company told the Boston Globe that no identity theft has occurred yet and if it does happen, the company will "correct the situation and help prosecute."

Rep. Edward Markey, D-Mass., co-chair of the congressional Privacy Caucus, said the Education Department cannot openly expose the financial information of student loan borrowers without promising significant efforts to protect those individuals from identity theft.

"From veterans to on-duty military personnel and now to student loan borrowers, the Bush administration has made breaches of privacy a regular occurrence and a signature of its tenure in Washington," Markey said.

This is at least the second reported government data breach involving a contractor this month.

On Aug. 3, the Veterans Affairs Department was notified that a desktop computer containing the names, Social Security numbers and medical data of as many as 38,000 people went missing from the offices of an agency subcontractor. This followed the early May data breach where the personal information of 26.5 million people was stolen from the home of a department employee. The data was subsequently recovered.

In late July, a laptop from the Transportation Department inspector general's office containing the personal information of 133,000 Florida residents was stolen from a government-owned vehicle.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.