In a recent article written by Mary Pilon and published by the Wall Street Journal, it was reported that names, addresses, Social Security numbers and other personal data on borrowers were stolen from the St. Paul, Minn., headquarters of Educational Credit Management Corp. (ECMC), a nonprofit guarantor of federal student loans, during the weekend of March 20-21, 2010.
It was also reported that company and federal officials said they believed last week’s theft of identity data on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan borrowers.
Of some significance is the fact that this was not an IT related breakdown of information security policy or procedure. As stated and cited in the article, ECMC spokesman Paul Kelash remarked that, “…It was a simple, old-fashioned theft. It was not a hacker incident.”
This article is a hard reminder to our internal physical security and risk management team members to not overlook the need for constant monitoring and ongoing improvement to both corporate physical and IT related security policies and procedures.
Click here to read the entire article.