Loan firm, university report security breaches

05.06.2006
Just days after the VA disclosed its data compromise, two other organizations reported similar incidents -- the latest in a long line of security breaches that have put personal information at risk.

Texas Guaranteed Student Loan Corp., a Round Rock, Texas-based nonprofit organization that administers student loans, last week announced that an outside IT contractor had lost an unspecified piece of equipment containing the names and Social Security numbers of approximately 1.3 million borrowers.

The loss was reported to the company on May 26 by Hummingbird Ltd., a Toronto-based software vendor that had been hired by Texas Guaranteed to develop a document management system.

Kristin Boyer, a spokeswoman for Texas Guaranteed, said the company had followed recommended security practices by encrypting all the information before transmitting it to Hummingbird. The data was then decrypted by a Hummingbird employee and stored on equipment that appears to have been lost, Boyer said.

Hummingbird CEO Barry Litwin refused to disclose the type of media the information was stored on or how it was lost. But he said that the data had been password-protected at multiple levels, making it all but inaccessible to unauthorized users. "We believe that the chance of anybody actually getting at the data is minimal," Litwin said.

Meanwhile, Sacred Heart University in Fairfield, Conn., announced May 24 that one of its computers had been hacked, resulting in the potential compromise of the names, addresses and Social Security numbers of 135,000 alumni and prospective students.

The breach was discovered on May 8, when the university's IT staff noticed "an anomaly" during its daily system maintenance work, said Funda Alp, a spokeswoman for Sacred Heart. A rootkit program installed on the server -- apparently by an outside attacker -- caused one of the computing services running on that system to crash, Alp said.

Preliminary investigations showed that the attacker appeared to have the expertise to access the information stored on the server, although Alp said it isn't clear if that actually happened. In addition to the personal data, the compromised server contained credit card information for 103 individuals, she said.