1.75M student loan borrowers have personal data compromised

by mcastellon on June 30, 2006

A group of customers larger in number than the city of Dallas, TX, has had their personal data exposed by a third-party contractor of one of the nation’s largest student loan lenders.

Almost 2 million student loan borrowers have had their names and social security numbers compromised. Texas Guaranteed Student Loan Corporation said a third-party contractor is at fault for the blunder. Here is an e-mail that recently was sent to one of its customers. The reason why TGSLC waited over a month to notify its customers of the data loss remains unknown:

On May 26, 2006, Texas Guaranteed Student Loan Corporation (TG) was
notified by Hummingbird, a company TG contracted with to implement a
document management system, that a Hummingbird employee had lost a
piece of equipment containing the names and Social Security numbers of
a portion of TG’s borrowers. TG announced this loss publicly on May 30
and has identified your information as included on the lost equipment.

While TG has mailed letters notifying affected borrowers, and you may
already have received that notification (sent to your last known
address), several states also require notification by e-mail if TG has
an e-mail address on file. This e-mail is being sent to you in
addition to our mailed notice. Please access TG’s web site,
www.tgslc.org/resources/customerdata..cfm, where you may view the
borrower notification letter and see the recommended steps to take to
protect your personal information. If you have questions, please
visit the Frequently Asked Questions section of the web site or
contact our toll-free Privacy Information Hotline and speak with a
representative. TG staff is currently available by calling (800)
530-0626, Monday through Friday 7:00 a.m. to 7:00 p.m. (CDT) or
Saturday 8:00 a.m. to 1:00 p.m. (CDT).

TG remains committed to the security of any personal information we
receive from our customers, and we regret any concern and frustration
caused by this incident.

TGSLC has also posted the following vaguely phrased message on its website:

After our third-party contractor notified us of the loss of their equipment, we worked to identify each individual who may be affected by this incident. If your information was part of the data set on the equipment that was lost, we will be sending notification to you by mail within the next few weeks. This notification will also include recommendations on how to protect yourself from identity theft.

Previous post:

Next post: