The theft occurred the weekend of March 20 from the St. Paul, Minn. headquarters of Educational Credit Management Corp. (ECMC), a student loan guarantor. The nonprofit disclosed on its website Friday that the stolen portable media device contained personally identifiable information, including the names, addresses, dates of birth and Social Security numbers, for 3.3 million ECMC student loan borrowers.
“We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners and are doing everything we can to help protect our borrowers' identity and personal information,” Richard Boyle, president and CEO of ECMC, said in a statement.
ECMC discovered on the afternoon of March 21 that the drive was missing and contacted law enforcement, the company said in a news release Friday. The ECMC security department is currently assisting local, state and federal law enforcement in an investigation into the incident, a company spokesman told SCMagazineUS.com on Monday.
No savings, checking or credit card information were contained on the stolen device, ECMC said. In addition, no misuse of the stolen data has been reported.
The ECMC spokesman said he could not provide any other details about the theft due to the ongoing investigation.
The nonprofit is working to notify affected individuals by mail. Victims will be offered a free, one-year subscription to credit monitoring and protection services.
In addition, ECMC enlisted the help of outside information security professionals to assess its physical and information security protocols and provide recommendations about how to prevent a similar incident from occurring in the future, the spokesman said.“We have already begun implementing additional security measures,” he said.