Federal loan data breach affects 32,000 students

WASHINGTON -- The Education Department said Wednesday it would arrange for free credit monitoring for as many as 32,000 student loan borrowers after their personal data appeared on its Web site.\nTerri Shaw, the department's chief operating officer for federal student aid, said the people involved are holders of federal direct student loans who used the department's loan Web site between Sunday and Tuesday.\nIt is the latest in a string of data thefts and security breaches affecting more than a half-dozen federal agencies in recent months.\nEducation Department officials blamed the breach on a routine software upgrade, conducted by Dallas-based contractor Affiliated Computers Services Inc., that mixed up data for different borrowers when users accessed the Web site. Since Sunday, 26 borrowers have complained.\n"We're not pleased, and we take this incident very seriously," Shaw said. "We've asked ACS to determine how this glitch was missed in the testing process so we can make sure we fill that gap."\nShe said the people affected will be contacted by the department by letter and offered free credit monitoring by ACS.\nA message left with the company was not immediately returned Wednesday.\nThe Web site program includes names, birthdates, Social Security numbers, addresses, phone numbers and, in some cases, account information for holders of federal direct student loans. It does not involve those who have loans managed through private companies.\nShaw said personal data may have been inadvertently mixed up if different users logged on at roughly the same time and performed the same Web site function, such as updating a home address. The department determined that about one-half of 1 percent of the 6.4 million total borrowers, or 32,000, had logged on to the Web site between Sunday and Tuesday.\nThe department has disabled the malfunctioning parts of the Web program and will not turn them back on until the problem is fixed. During that time, certain portions of the student loan Web site may not be accessed.\nThere have been no reports of identity theft stemming from the software glitch, Shaw said.\nIn recent months, at least eight other government agencies have reported data breaches. The biggest was the loss of a laptop and external drive containing information for 26.5 million veterans and active-duty troops. That equipment, lost by a Department of Veterans Affairs employee, has since been recovered.\nThe Boston Globe first reported the Education Department's glitch on Wednesday.