August 23, 2006 - MARKEY GRILLS DEPT. OF EDUCATION ON INTERNET SECURITY BREACH, URGES FREE CREDIT MONITORING FOR STUDENT LOAN BORROWERS

WASHINGTON, D.C. -- Rep. Edward Markey (D-MA), co-chair of the Privacy Caucus, sent a letter today to Department of Education Secretary Margaret Spellings, after today’s report in the Boston Globe revealed a tremendous breach in security for thousands of Americans who monitor their student loans online.  Rep. Markey called on the Department of Education to offer free credit monitoring for all those whose financial information was exposed in the security breach and asked key questions about the problem and its impact on borrowers in Massachusetts and around the country.

Rep. Markey said, “We are learning about new breaches of American’s privacy every day. The Department of Education cannot openly expose the financial information of student loan borrowers without promising significant efforts to protect those individuals from identity theft.  From veterans to on-duty military personnel and now to student loan borrowers, the Bush Administration has made breaches of privacy a regular occurrence and a signature of its tenure in Washington.”

Rep. Markey’s letter to Sec. Spellings is below:

August 23, 2006

The Honorable Margaret Spellings
Secretary
United States Department of Education
400 Maryland Avenue, SW
Washington, DC 20202

Dear Secretary Spellings:

I am very concerned about the adequacy of personal privacy protections on the Department of Education website in light of a story in this morning’s Boston Globe entitled, “Glitch reveals too much information on Education Department website.”

The story recounts the experience of a Ms. Nancy Newark, a Boston attorney, who manages her student loan payments online through the Department’s website.  When updating her telephone number on the Department’s website on Monday evening, Ms. Newark clicked on the “update” button and was able to view another person’s personal information including their name, Social Security number, date of birth, address, phone number, and email address.  She claims to have seen the information of three additional people when she attempted to correct her information.

Presumably, all of those individuals, along with a reported 6.4 million others, also monitor their student loans online.  This is a very serious breach of sensitive financial information and a potential windfall for identity thieves.  The Globe reports that “A federal Department of Education official said yesterday that a routine software upgrade made Sunday night introduced a bug into the system that mixed up the data of different borrowers.”

While I am hopeful that this is in fact a “bug” and not a systemic problem at the Department, I would appreciate your response to the following:
1.      Have you determined how many individuals’ private financial information breached prior to fixing the problem?

2.      Have you immediately notified each person whose personal information was compromised that a security breach had occurred so that they can protect their financial information as best as possible going forward?

3.      Will you be offering credit monitoring, fraud protection or other similar services to those individuals whose personal information was compromised?

4.      Is the system that failed in the case of this data base being used to manage data elsewhere in the Department?  Where?  What has been done to secure those data bases?

5.      What steps do you intend to take to strengthen the Department of Education’s data security policies in the wake of this security breach?

As I am sure you are aware, Social Security numbers and date of birth information are pure gold in the hands of identity thieves, who quickly convert them into credit cards and cash equivalents to perpetrate massive frauds. 

I look forward to your response and am hopeful that the Department of Education can restore the confidence of borrowers who rely on its website to conduct student loan transactions.  Should you have any questions please contact me or my staff at 202-225-2836.

For more on Rep. Markey’s privacy and security work, please go to http://markey.house.gov.

FOR IMMEDIATE RELEASE
August 23, 2006

CONTACT: Israel Klein
202.812.8193