Thieves recently broke into the Oakdale, Minnesota, headquarters of a company that stores information about student loans, causing a security breach that could impact more than 3 million student borrowers across the country.
The Minneapolis Star Tribune is reporting that ECMC, a loan-processing company, reported the break-in. According to the company, there was a theft of the "personally identifiable information" of 3.3 million students with federal loans.
ECMC officials say that the identity theft could be the largest of its kind in the nation. They are reporting that it could impact 5 percent of students with federally backed loans.
Initially founded as Educational Credit Management Corp. 16 years ago, ECMC is one of the top ten student loan guaranty agencies in the country. It is a nonprofit corporation that guarantees federally backed loans.
Few data breaches have been as potentially wide-ranging as this one.
The company alerted Congress to the breach in an email that the Star Tribune acquired. The stolen data in question includes names, dates of birth, addresses and Social Security numbers. ECMC also said that no bank account information or any other financial data was stolen.
In the email to Congress, ECMC chief executive Richard Boyle said that the theft happened at a "secured location at ECMC involving portable media with ECMC student loan borrowers' personally identifiable information." The company was not aware of a circumstance in which the data had been misused as of yet.
The data, according to sources in Congress, was stored in a safe, contained on discs. Local police in Oakdale are still in charge of the case, though Oakdale police Captain Jack Kettler did not have any comment on the case. The Minnesota Bureau of Criminal Apprehension has taken the lead on the investigation.
The U.S. Department of Education was notified as well. Spokesperson for the body Justin Hamilton said that the FBI was brought in on the case. "Protecting student privacy is a top priority," he told the Star Tribune.
Representatives from ECMC discovered the theft on a Sunday morning, following the break-in, which is presumed to have taken place on that Saturday night or early Sunday morning.
ECMC did not report the theft until a week after it occurred, at the request of law enforcement officials. David Hawn at ECMC told the public that he did not know if the thieves had specifically targeted the sensitive identity information.
In a statement, chief executive Boyle said, "We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners, and are doing everything we can to help protect our borrowers' identity and personal information."
ECMC also stated that it had partnered with the credit protection agency Experian to help students who may be impacted by the theft. Among the services that Experian provides are free credit monitoring and protection services. ECMC will also distribute information about fraud protection and insurance coverage for identity theft.
The information stolen from ECMC will not affect non-customers of the corporation.
ECMC guarantees federally backed student loans, and also services loans that have fallen into bankruptcy. The company is the U.S. Department of Education's designated handler of bankrupt student loans.