Loan firm, university report security breaches

05.06.2006
Just days after the VA disclosed its data compromise, two other organizations reported similar incidents -- the latest in a long line of security breaches that have put personal information at risk.

Texas Guaranteed Student Loan Corp., a Round Rock, Texas-based nonprofit organization that administers student loans, last week announced that an outside IT contractor had lost an unspecified piece of equipment containing the names and Social Security numbers of approximately 1.3 million borrowers.

The loss was reported to the company on May 26 by Hummingbird Ltd., a Toronto-based software vendor that had been hired by Texas Guaranteed to develop a document management system.

Kristin Boyer, a spokeswoman for Texas Guaranteed, said the company had followed recommended security practices by encrypting all the information before transmitting it to Hummingbird. The data was then unencrypted by a Hummingbird employee and stored on equipment that appears to have been lost, Boyer said.

Hummingbird CEO Barry Litwin refused to disclose the type of media the information was stored on or how it was lost. But he said that the data had been password-protected at multiple levels, making it all but inaccessible to unauthorized users. "We believe that the chance of anybody actually getting at the data is minimal," Litwin said.

Meanwhile, Sacred Heart University in Fairfield, Conn., announced May 24 that one of its computers had been hacked, resulting in the potential compromise of the names, addresses and Social Security numbers of 135,000 alumni and prospective students.