Dept. of Ed. site reveals 21,000 borrowers info

Software glitch displayed other users' information when certain functions used.
Written by Richard Koman, Contributor

A software glitch caused a Dept. of Education website to expose personal information of 21,000 federal student loan recipients, the Boston Globe reports.

Between Sunday night and Tuesday morning, users of the loan website were shown other borrowers' data when performing certain tasks.

Personal information -- including names, Social Security numbers, birth dates, and addresses -- would have been revealed only to other people who were signed in at the same time to the website for the loan program, known as Federal Direct Student Loan Program. When users tried to perform certain tasks, the website showed them the personal information of the last person who tried to do the exact same thing, probably seconds earlier, department officials said. Affiliated Computer Services Inc., a Dallas-based Fortune 500 company that manages the software, caused the problem, Terri Shaw, COO for federal student aid, said.

``There is no excuse" for the errors, she said. ``It should have been caught."

Affiliated has agreed to pay for credit monitoring for all affected borrowers, and those potentially exposed will be notified

Boston lawyer Nancy Newark told the Globe that she complained to the department after she tried to update her phone number on the website. Each time Newark clicked update, she saw a different person's name, Social Security number, and other data.

US Representative Edward J. Markey, the ranking Democrat on the House Telecommunications and Internet Subcommittee, criticized the Bush Administration for the breach.

Editorial standards