Stolen portable media device blamed in breach of 3.3 million

Article

Stolen portable media device blamed in breach of 3.3 million

Robert Westervelt, News Editor

A major federal loan guarantor is warning that data on 3.3 million borrowers has been stolen from a portable media device.

We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners.

Richard Boyle,
president and CEOECMC Group Inc.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Educational Credit Management Corp. (ECMC), said the stolen device contained the names, addresses, dates of birth and Social Security numbers of the individuals. In a statement, the St. Paul, Minn.-based company said the data security breach took place sometime during the weekend of March 20-21.

"ECMC discovered the theft on the afternoon of Sunday, March 21 and immediately contacted law enforcement officials," the company said in a statement. "ECMC is cooperating fully with local, state and federal law enforcement agencies conducting the investigation."

It is the first time a breach occurred at a federal loan guarantor. The last known data breach involving a portable media device took place last November, when Shelton, Conn.-based subsidiary of health insurer, Health Net Inc. warned that it lost a portable disk drive containing the personal information of 1.5 million people. The data included Social Security numbers and bank account numbers, and had been compressed, but not encrypted, Health Net said at the time.

Portable media security:
Health Net healthcare data breach affects1.5 million: A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net customers. 

How to lock down USB devices: USB devices, thumb drives, flash drives -- whatever you call them, portable media present a significant challenge for enterprises.

ECMC did not say whether the data on its media drive was encrypted. No bank account or other financial account information was included in the stolen data, the company said.

ECMC said it would begin sending out data breach notification letters to affected individuals "as soon as possible." The company is partnering with Experian, a credit protection agency, to provide affected individuals with credit monitoring and protection services at no charge.

"We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners and are doing everything we can to help protect our borrowers' identity and personal information," said Richard Boyle, president and CEO, ECMC Group, Inc.