Student Borrowers’ Personal Data Posted

The Education Department said Wednesday that it would arrange for free credit monitoring for as many as 21,000 student loan borrowers after their personal data appeared on its website.

Terri Shaw, the department’s chief operating officer for federal student aid, said the people involved were holders of federal direct student loans who used the department’s loan website -- www.dlssonline.com -- between Sunday and Tuesday.

It is the latest in a string of data thefts and security breaches affecting more than half a dozen federal agencies in recent months.

Education Department officials blamed the breach on a software upgrade conducted by Dallas-based contractor Affiliated Computers Services Inc. that mixed up data for different borrowers when users accessed the website. Since Sunday, 26 borrowers have complained.

“We’re not pleased, and we take this incident very seriously,” Shaw said. “We’ve asked ACS to determine how this glitch was missed in the testing process so we can make sure we fill that gap.”

She said the people affected would be contacted by the department by letter and offered free credit monitoring by ACS.

A message left with the company was not returned Wednesday.

The website program includes names, birthdates, Social Security numbers, addresses, phone numbers and in some cases account information for holders of federal direct student loans. It does not involve those who have loans managed through private companies.

Shaw said personal data may have been mixed up if different users logged on at about the same time and performed the same function, such as updating an address. The department determined that fewer than one-half of 1% of the 6.4 million total borrowers -- or roughly 21,000 -- had logged on to the website between Sunday and Tuesday.

The department has disabled the malfunctioning parts of the Web program and plans to leave them off until the problem is fixed. During that time, certain portions of the student loan website may not be accessed.

There have been no reports of identity theft stemming from the software glitch, Shaw said.

In recent months, at least eight other government agencies have reported data breaches. The biggest was the loss of a laptop and external drive containing information for 26.5 million veterans and active-duty troops. That equipment, lost by a Department of Veterans Affairs employee, has since been recovered.