ECMC Group Inc., a student-loan guarantee agency in Minnesota, acknowledged on Friday a data breach in which the personal information of 3.3 million borrowers, including their Social Security numbers, was compromised.
Guarantee agencies such as ECMC are the private entities that, under the U.S. government's system of federally subsidized student loans, collect government money and then turn around and pay it to private loan companies when borrowers default on their student loans.
ECMC said in a written statement that the affected borrowers would be notified and given free credit protection and monitoring services. "We deeply regret that this incident occurred and the stress it has caused our borrowers," ECMC's president and chief executive, Richard J. Boyle, said in the statement.
ECMC's admission of the data theft came one day after Congress voted to shut down the bank-based system of student lending in favor of direct lending by the Education Department, in part because of the cost and complexity of the bank-based system.
The data theft "occurred sometime during the weekend of March 20-21," the company said in its statement. The company was instructed by the FBI not to discuss the matter publicly until Friday, according to the Education Department.
"Protecting student privacy is a top priority for the department," said Justin Hamilton, a department spokesman. "We are working with ECMC to make sure that affected individuals are provided with resources to protect their information and to provide them with identity-theft insurance."
Comments
1. wmartin46 - March 29, 2010 at 12:58 pm
It's way past time for the Federal Government to mandate that all personal information in databases be encrypted. Given that data can be stolen in any number of ways, it may be impossible to devise security that precludes data theft. But storing data in clear text is simple unacceptable. While encryption schemes can be broken, there is simply no excuse for making it easy for data thieves, as is currently the case by not encrypting this valuable personal information.
2. tmcdonal - March 29, 2010 at 04:18 pm
The end of privacy. During the past 2 years, I have been informed that my personal information was jeopardized because of the theft of laptops--one used for voter registration, the other health insurance (Blue Cross, Blue Shield). What is one to do? If I want to vote or buy health insurance, I must provide personal information which will be stored on a computer. I can't opt out of electronic storage...or can I?
I say we form a group to lobby for the return to credenzas.
3. davi2665 - March 30, 2010 at 04:05 pm
Welcome to the brave new world where everyone's private information is readily available for theft and dissemination, as well as use for scams and identify theft. It happens over and over, accompanied by pathetic statements of "oops" and assurances of how seriously it is taken. Right! Anyone who thinks this will not happen with the new push for universal use of electronic medical record systems for all patient data is smoking something potent. When added to the ability of electronic monitoring to intercept electronic communications of all kinds, there is no aspect of our lives that remains autonomous and private. But isn't that what everyone seems to want when they promote a government that becomes more and more intrusive, and takes over more and more aspects of peoples' lives?