Security | News

Education Department Computer Glitch Exposes Student Financial Records

• By Kanoe Namahoe
• 10/28/11

A technical malfunction on the United States Department of Education's Direct Loan Web site made the financial records of as many as 5,000 borrowers temporarily available for public view earlier this month, a senior department member revealed Tuesday at a hearing before the House Subcommittee on Higher Education and Workforce Training.

James Runcie, chief operating officer of the ED's Office of Federal Student Aid, said that the glitch occurred during a reconfiguration involving 11.5 million borrowers. For six to seven minutes, users logging into the compromised system were able to view the financial details of other borrowers. The reconfiguration was intended to improve lagging Web site performance.

The department quickly became aware of the glitch, Runcie said, and took immediate steps to correct the problem, including shutting down the site and contacting students who may have been affected. Education Department spokesperson Justin Hamilton said he's confident that the momentary breach had no serious impact on borrowers.

"We've reached out by phone and e-mail to the borrowers who were directly impacted and offered them free credit monitoring, support, and the opportunity to ask questions about what happened," Hamilton said in a statement released after the hearing, adding that there was "no reason to believe that any of the information has been misused."

The purpose of the congressional hearing was to review the Education Department's transition to the new federal Direct Loan program and address concerns about the process, said subcommittee chairwoman Rep. Virginia Foxx, R-NC, in her opening remarks. Among the concerns discussed were the decline in customer service and increase in problems and mistakes, including the recent security failure on the Direct Loan Web site.

"The implications of this kind of Web site malfunction are severe, particularly when it affects millions of borrowers nationwide," Foxx said.

Runcie said he believes the overall transition has been successful, despite the glitch and reiterated his department's commitment to creating a secure system infrastructure.

"In terms of overall security architecture, that's something we are very concerned about, and investing meaningful sums of money," Runcie told the subcommittee members. "But when you have this scale of a system in transition sometimes glitches occur."