Loan company reports loss of data on 1.3 million

About 1.3 million customers of a Texas provider of student loans are at risk of ID fraud, after a contractor lost computer equipment with sensitive information on them.

The equipment, which was not identified, contains the names and Social Security numbers of the borrowers, the Texas Guaranteed Student Loan company said in a statement Tuesday. The hardware was lost by an employee of Hummingbird, a enterprise software company hired to prepare a document management system, it said.

The information was prepared by the loan company in January for use by Hummingbird. The data was encrypted and password-protected, but subsequently decrypted and stored on the now-lost hardware by the Hummingbird employee, Texas Guaranteed Student Loan said. However, the lost hardware does require a password for access.

"The data was protected through security measures, and given the technology that would be required to retrieve the data, Hummingbird believes that any misuse of the data is extremely unlikely," Toronto-based Hummingbird said in a statement Wednesday.

The equipment was lost on May 24, and Texas Guaranteed Student Loan was notified by Hummingbird two days later, according to the financial institution's statement.

The incident is the latest in a long string of data security breaches. Last month, data on 26.5 million U.S. veterans was seized following the theft of hardware from the home of a government employee. Others who have lost such data include the Metropolitan State College in Denver, the U.S. Department of Agriculture, and Los Angeles' Department of Social Services, according to the Privacy Rights Clearinghouse.

Identity theft continues to plague consumers, topping the list of fraud complaints reported to the Federal Trade Commission last year. Consumers filed more than 255,000 identity theft reports to the FTC in 2005, accounting for more than one-third of all complaints, the agency said in January.

Texas Guaranteed Student Loan said it plans to notify by mail each individual affected by the breach. This notification will include recommendations on how to protect against identity fraud, the company, the administrator of the Federal Family Education Loan Program, said on its Web site.

[Vetter83]

This WILL only continue.....

until the companies or parties that have, collect, or sell such information are deemed liable for all costs, reprecussions and damages for the mishandling or safegaurding of same... maybe a fine of $10,000 per file to true information owner, plus all costs will make them a bit more careful.
Opps, sorry.. there I go making sense again....

[BoredAgain]

Re: This WILL only continue.....

Do you really think these companies are just carelessly leaving data around? They stand to lose revenue just by having their name mentioned in an article discussing the loss of data.

But let's say for example they could be fined an astronomical amount of money for losing data. Where do you think that money would come from? The cost would come right back to the consumers in the form of higher prices for products and services.

[CancerMan2]

Street Value Of $130 Million

Those $1.3 million lost SSNs can be sold on the street to illegals for about $100 a piece. That put a street value of the data at $130 million. The value to the employers of the illegals is even higher than this, perhaps they buy these numbers in bulk to provide to the illegals directly.

[devil with no socks]

This is the second time in two years

that my data has been "lost" by student loan corporations. This time I'm suing.

[devil with no socks]

Got the notification today

I just got the letter today infroming me that my data was "lost" and it only took two weeks.

[devil with no socks]

Encrypted files my *** here is the truth

from www.sfgate.com

Company officials said encrypted electronic files containing the data were sent to an office for Toronto-based Hummingbird Ltd., which helps companies manage large amounts of information. A Hummingbird employee downloaded, DECRYPTED and stored the files on a piece of equipment that was later lost. The company would not identify what type of equipment it was.

The last sentenced has been deleted from every article printed about this incident, including the letter I received.

[devil with no socks]

Sorry, I meant to say this sentence has

been deleted "A Hummingbird employee downloaded, decrypted and stored the files on a piece of equipment that was later lost." from the article on www.sfgate.com

[jhthomas424242]

Why did they still have my SSN in their database

I paid off my student loan with this company more than 20 years ago. The only reason I got the notice sent to my former address in the mail is because a relative bought my parents house. There are surely many thousands of people who won't even receive a letter informing them of what happened. Why do they have my SSN in their database 20 years later? Aren't their any laws saying they must destroy this data? This is absolutely rediculous.