A major federal loan guarantor is warning that data on 3.3 million borrowers has been stolen from a portable media device.
We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners.
president and CEOECMC Group Inc.
Educational Credit Management Corp. (ECMC), said the stolen device contained the names, addresses, dates of birth and Social Security numbers of the individuals. In a statement, the St. Paul, Minn.-based company said the data security breach took place sometime during the weekend of March 20-21.
"ECMC discovered the theft on the afternoon of Sunday, March 21 and immediately contacted law enforcement officials," the company said in a statement. "ECMC is cooperating fully with local, state and federal law enforcement agencies conducting the investigation."
It is the first time a breach occurred at a federal loan guarantor. The last known data breach involving a portable media device took place last November, when Shelton, Conn.-based subsidiary of health insurer, Health Net Inc. warned that it lost a portable disk drive containing the personal information of 1.5 million people. The data included Social Security numbers and bank account numbers, and had been compressed, but not encrypted, Health Net said at the time.
ECMC did not say whether the data on its media drive was encrypted. No bank account or other financial account information was included in the stolen data, the company said.
ECMC said it would begin sending out data breach notification letters to affected individuals "as soon as possible." The company is partnering with Experian, a credit protection agency, to provide affected individuals with credit monitoring and protection services at no charge.
"We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners and are doing everything we can to help protect our borrowers' identity and personal information," said Richard Boyle, president and CEO, ECMC Group, Inc.