Federal education loan site exposes personal info of up to 21,000

Share this article:

Count the Department of Education as the latest federal agency to experience a privacy breach after the personal information of as many as 21,000 student borrowers accidentally appeared on its loan website.

Agency officials blame the breach on a software bug that surfaced while a contractor was applying an upgrade to the department's Federal Student Aid direct loan servicing site, where borrowers can sign on to make payments and view account balances.

Between Sunday night and Tuesday, the personal information - including names, Social Security numbers, addresses and birthdates - of up to 21,000 people who signed into the site during that time potentially were exposed, said Terri Shaw, the department's COO for federal student aid.

Those logged on the site could have only viewed the information of others who were simultaneously signed in and viewing one of six pages where the data was exposed, Shaw said. Those pages have since been disabled.

So far, there have been no reports of any information being misused, she said. The department's website service provider - Affiliated Computer Services of Dallas - has agreed to pay for up to one year's worth of free credit monitoring services for victims.

The department is in the process of writing letters to victims, notifying them of the breach, Shaw said.

In addition, the agency has asked its service provider to conduct an investigation into the software flaw.

"It was a software flaw that should have been caught," Shaw said. "There are no excuses for that. They need to review and revise their procedures."

Representatives from Affiliated Computer Services could not immediately be reached for comment today.

Other federal agencies to face data breaches in recent months include the departments of Veteran's Affairs and Energy, the Federal Trade Commission and the U.S. Navy.

 Click here to email reporter Dan Kaplan.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.