Thursday, June 01, 2006

1.3 Million Student Loan Borrowers Data Lost

1.3-Million-Student-Loan-Borrowers-Data-Lost-audio post - click to play

"Lost" is a popular reality TV show which now may very
well become re-branded to include identity theft as the
number of security breaches continues to expose careless
data handling by companies entrusted with sensitive
consumer information.

In this latest episode of "Lost: The Missing Consumer Data",
we expose the misdeeds of Hummingbird, a Texas based
software company contracted by the Texas Guaranteed
Student Loan company to prepare a document management

Apparently an employee of Hummingbird "lost"
containing unencrypted names and
social security numbers
(ssn) of 1,300,000
borrowers as of May 24th.

What's appalling about this latest "lost" data episode opening
up 1.3 million consumers to identity theft and credit fraud is
the data was originally encrypted prior to transferral
to the "lost" hardware plus the Texas Guaranteed Student
Loan Corporation itself may have become a victim of it's own

In 2001, the General counsel of Texas Guaranteed Student
Loan Company provided commentary to the F.T.C. to support
strengthening the landmark G.L.B. consumer privacy legislation.

The opening remarks, on the surface, appear to be
supportive of more stringent privacy safeguards.

TG supports the Commission's endeavor to establish rules
that seek to protect the privacy of, among others,
those students receiving financial aid assistance.
We also appreciate the opportunity to comment on
the proposed Privacy Rule.

TG supports the establishment of safeguards designed
to ensure the security and confidentiality of customer
records and information.

..but then commentary provided by the company's counsel
suggests a much "looser" standard be applicable
to auditing as well as liability associated with contractors.

TG agrees that the proposed rule should not require
that particular audit procedures or tests be used,
as this approach is consistent with the flexibility
given throughout the rule to each entity to determine,
within the mandates of the Act and rule, how it can
best protect "customer" information.

...the currently proposed language seems to impose an
obligation on the part of the financial institution
that may be impossible or impracticable to meet. If
there is no previous business relationship between
the parties, how will the financial institution be
sure that the service provider actually "is capable"
of maintaining appropriate safeguards? We suggest
that the language be rephrased to require the financial
institution to utilize only those service providers it
reasonably believes to be capable of maintaining
appropriate safeguards.

Given, this was in 2001, before the California
disclosure law enactment which required companies
nation wide to disclose security breaches and as result
we have subsequently seen over 130 separate
negatively impacting over 80
million Americans

Unfortunately, this type of loose approach to
consumer data security has been the mindset
of U.S. business executives for years and as we
have seen by the volume of "lost" consumer
information cases reported just within the past
1.5 years, indicates you are virtually undefended
and naked to attack by any identity theft or
a careless employee.

To seize back control, take action immediately.

So, our tip for today is to seek out your credit
"freeze" available options in the state you
reside in. Even if you are not fortunate enough
to live within one of the handful of states with
credit freeze laws, still deny identity thieves
the ability to harm you financially.

Order your credit report and inspect it for any
suspicious activity. Then finally, to augment
that snapshot in time credit report, make sure
to enroll in a comprehensive credit


At 2:40 AM, Anonymous justaconcernedmom said...

I wonder how many of those lawyers who were arguing for the loose data security standards now have kids in college who have been finanicially hurt by this identity theft?


Post a Comment

<< Home