Glitch Exposes Data of Student Borrowers

The Education Department said Wednesday that it would arrange for free credit monitoring for as many as 32,000 student loan borrowers after their personal data appeared on its website.

Terri Shaw, the department’s chief operating officer for federal student aid, said the people involved were holders of federal direct student loans who used the department’s loan website -- www.dlssonline.com -- between Sunday and Tuesday.

It is the latest in a string of data thefts and security breaches affecting more than a half-dozen federal agencies in recent months.

Education Department officials blamed the breach on a routine software upgrade, conducted by contractor Affiliated Computers Services Inc., that mixed up data for different borrowers when users accessed the website. Since Sunday, 26 borrowers have complained.

“We’re not pleased, and we take this incident very seriously,” Shaw said. “We’ve asked ACS to determine how this glitch was missed in the testing process so we can make sure we fill that gap.”

She said the people affected will be contacted by the department by letter and offered free credit monitoring by Affiliated Computers Services.

A message left with the Dallas-based company was not immediately returned Wednesday.

The website program includes names, birthdates, Social Security numbers, addresses, phone numbers and in some cases account information for holders of federal direct student loans. It does not involve those who have loans managed through private companies.

Shaw said personal data might have been inadvertently mixed up if different users logged on to the website at about the same time and performed the same function, such as updating a home address. The department determined that about one-half of 1% of 6.4 million total borrowers, or 32,000, had logged on between Sunday and Tuesday.

The department has disabled the malfunctioning parts of the Web program and will not turn them back on until the problem is fixed. During that time, certain portions of the student loan website may not be accessed.

There have been no reports of identity theft stemming from the software glitch, Shaw said.

In recent months, at least eight other government agencies have reported data breaches. The biggest was the theft of a laptop and external drive containing information for 26.5 million veterans and active-duty troops from a Department of Veterans Affairs employee. That equipment has been recovered.