Department of Education Site Exposes Data on 21,000 Users

By Martin H. Bosworth
ConsumerAffairs.com

August 25, 2006

Data Theft

• 68,000 CalOptima Members at Risk in Data Breach
• Express Scripts Extortion Scheme Widens
• Technology Could Be Key To Stopping Unauthorized Charges
• T-Mobile: No Hacking in Data Breach
• T-Mobile Confirms Data Breach
• Consumers Increasingly Concerned About Online Transactions
• Are Identity Theft Services Worth the Cost?
• Online Tools Help Spot Financial Fraud
• Financial Fraud Hits 7.5 Percent Of Americans In 2008
• Feds Charge Mortgage Broker In Potential Data Breach
• Millions of Credit Cards Exposed in Data Breach
• 2008 Data Breach Total Soars
• Bank Data Breach Threatens 248,000 in North Carolina
• GPS Not Foolproof
• Countrywide Warns Millions of Data Breach
• Thieves Steal AT&T Laptop with Employee Data
• Report: Data Breach Disclosure Laws Don't Affect Identity Theft
• Patient Information Exposed in Data Breach at Walter Reed
• Supermarket Chain Reports Data Breach
• Report: Feds Still Not Doing Enough To Secure Data
• Data Thieves Hit Georgetown University Students, Faculty
• 800,000 Job Seekers At Risk In Gap Data Breach
• TJX Data Breach Settlement Has Strings Attached
• More ...

An online student loan payment service under control of the Department of Education (DOED) leaked personal identifying information on 21,000 students between Sunday and Tuesday of this past week, according to the agency.

Federal Student Aid recipients who were trying to access information or make payments at DOED's Direct Loan Servicing Online Web site were able to view records of other borrowers while updating their own information.

Software company Affiliated Computer Services (ACS), which handles the loan processing for the Direct Loan Servicing system, installed a software upgrade on Sunday which caused the glitch.

When DOED started receiving complaints from users that they could view others' personal data, the online payment system was immediately disabled. The site's online payment system is currently disabled due to problems with "software upgrades," according to a message posted on the home page.

ACS spokesperson Lesley Pool said the software glitch was fixed on Tuesday and the online payment system would be disabled until it was fully tested. ""It is up to the (Education) Department to say when the code is ready to go," she said, according to CNet News.

ACS has a large number of profitable contracts to provide software services with companies ranging from government agencies like the Pension Benefit Guaranty Corporation (PBGC) to companies as diverse as UnumProvident and Burger King.

The company's press kit boasts that, "It would be hard for you to go through a day without encountering the products or services of our many clients in communications, education�government, healthcare, insurance, manufacturing, retail, travel, and transportation."

DOED officials said that there were no cases of identity theft reported from the data leak as of today, and that it would provide free credit monitoring for the affected users, to be paid for by ACS.

Neither the Direct Loan Servicing site or the main DOED site had any notices that borrowers may be vulnerable to identity theft as a result of the leak.

The Department of Education breach is far from the only example of potential identity fraud resulting from bad data practices in higher education. Student loan company Texas Guaranteed contracted data services out to third-party software company Hummingbird, which exposed the data of millions of borrowers when a contractor for the company misplaced a storage device containing the information.

Ohio University suffered multiple data breaches over the course of the past year, and was heavily criticized for not installing better network security or letting affected individuals know quickly enough.

Not to be outdone, many government agencies have suffered as a result of outsourcing data infrastructure work to third-party contractors. Unisys, a technology services firm performing insurance claim processing for the Veterans' Administration, had a desktop computer containing data on thousands of veterans stolen from its Reston, VA headquarters.

Government agencies have been rushing to lock down data weaknesses and provide stronger privacy protections across the board in the wake of the infamous theft of a laptop containing millions of personal records from the home of a VA analyst, often with mixed results and many problems left unsolved.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share		Follow us on Twitter.

FREE CONSUMER NEWSLETTERS
The Daily Consumer Afternoons M-F Sign up now!	Consumer News & Alerts Every Sunday Sign up now!

CONSUMER NEWS

SAFETY RECALLS

Three Sisters Baby Hammocks

LATEST RATES

MOST-VIEWED PAGES

NEW COMPLAINTS

Consumer Direct Warranty Services
MicrosoftStore.com
DVDXpress
DinoDVDs.com
ShopDani.com
Mountain View Chevrolet, Upland, CA
VW Gallery, Norwood, MA
Arlington Motors, Arlington, VA
Burlington Volkswagen, Burlington, NJ
Toyota of Turnersville, Turnersville, NJ

Back to the top |

Custom Search

AUTOMOTIVE
• Dealers
• Manufacturers
• Service
• Extended Warranties
• Lemon Laws
• Recalls
• Tires
• Transporters

FAMILY
• Aging
• Children, Parenting
• Recalls
• Dating
• Education
• Entertainment
• Pets
• Weddings

FINANCE
• Annuities
• Banks
• Credit Cards
• Debt Collection
• Debt Counseling
• Insurance
• Investing
• Loans
• Mortgages
• Payday Loans
• Student Loans
• Tax Prep

HEALTH
• Doctors
• Drugs, Pharmacies
• Health Clubs
• Hearing Care
• Hospitals
• Nursing Homes
• Nutrition, Diets
• Vision Care
• Weight Loss

HOUSE & HOME
• Appliances
• Cookware
• Furniture
• Home Improvements
• Lawn & Garden
• Movers
• Pools & Spas
• Realtors, Rental Agents
• Recalls
• Utilities

ELECTRONICS
• Cable TV/DBS
• Cameras
• Cell Phones
• Computers
• Home Electronics
• Internet Access
• Local Phone Service
• Long Distance
• VoIP

SHOPPING
• In-Home
• Online
• Retail Stores
• Sporting Goods
• Supermarkets
• Telemarketers

TRAVEL
• Airlines
• Bus Lines
• Car Rental
• Cruises
• Hotels
• Travel Agents
• Trains

RESOURCES
• Class Actions
• Complaint Form
• Small Claims Guide
• Lemon Laws

CONSUMER NEWS
• Latest News
• Automotive
• Telecom
• Financial
• Health
• Homeowners
• Scams
• Seniors
• Travel
• More ...

RECALLS
• Automotive
• Children's Products
• Drugs
• Food
• Household Products
• Sporting Goods

ABOUT US
• FAQ
• Privacy Policy
• Advertise With Us
• Newsroom
• Syndication
• Terms of Use

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.