Student loan borrower files sent to unauthorized party in accidental breach
The student loan services company Access Group Education Lending is blaming a third-party business partner for inadvertently sending loan files containing borrowers’ personal information to another business that was not authorized to receive them.
According to various media outlets, Access Group notified roughly 16,500 borrowers of the breach in a letter that states the company learned of the breach on Mar. 28, 2018, five days after the incident occurred.
Access Group claims that Nelnet, a vendor providing student loan processing services, was responsible for sending the files to the unauthorized party.
“Immediately after Access Group learned of this vendor error, we contacted the business that mistakenly received the files. That company confirmed the transferred files had been deleted and agreed to have the appropriate manager sign a sworn statement that the files had been deleted with no copies retained,” reads a statement from Access Group, sent to SC Media. “Though exposure of any personal information was limited and access to any personal information was immediately terminated, Access Group provided written notice to those individuals whose files were included in the transfer and to their state Attorneys General.”
In response to the incident, Access Group says it will also offer one year of free credit monitoring services to affected individuals, and will “continue to diligently monitor our vendor partnerships, including requiring written data transfer protocols and demanding that vendor employees verify the recipients of data transfers before initiating the action.”