Data identities were stolen from a nonprofit which services students, schools and lenders in loan financing.
The theft of 3.3 million identities occurred at the Educational Credit Management Corporation (ECMC) foundation headquarters in Saint Paul, Minnesota and occurred over the March 20-21 weekend.
ECMC published a press release on March 26, 2010 notifying borrowers of the data loss.
Paul Kelash, spokesperson for ECMC, when asked about giving more in depth information said he could not answer many questions.
“Because this is an ongoing investigation, we cannot provide any additional details,” Kelash said. “For Cal State Northridge, the total number of enrolled or recently enrolled affected borrowers is five.”
President and CEO, ECMC Group, Inc. Richard Boyle said, “We deeply regret that this incident occurred and the stress it has caused our borrowers, and our partners are doing everything we can to help protect our borrowers’ identity and personal information.”
Jill Oliveira, public information officer Minnesota Department of Public Safety Bureau of Criminal Apprehension, said everyone is doing their best to solve this crime.
“The Minnesota Department of Public Safety’s Financial Crimes Task Force is working this case jointly with the Oakdale Police Department and with the assistance of investigators from the U.S. Department of Education and the Office of Inspector General,” said Oliveira. “All agencies involved are doing everything we can to help find the person or persons who committed this crime, and to protect the people who may be among its victims.”
The press release included the only known details from the theft. It stated approximately 3.3 million different identities have been stolen including names, addresses, birth dates and social security numbers, but no bank account or financial account information was included.
The ECMC foundation acts as the designated guaranty agency in Virginia, Oregon and Connecticut. The foundation helps low-income, first- generation college-bound students, some of which have entered into bankruptcy.
Kelash said there are multiple different data sets.
“It’s not just students who filed for bankruptcy who could be affected. It could be anyone who has a ECMC guarantor federal student loan. This is why credit monitoring is so important. The borrower would just need to sign up for it,” Kelash said.
The press release stated that the theft occurred involving the use of portable media with personally identifiable information.
Kelash said he could not comment on what portable media was because they are still investigating.
David Lancaster, account manager with Discover, said a situation like this is pretty rare, especially this magnitude.
“There are resolutions like going to a national credit protection agency like Equifax or Experian,” Lancaster said.
Kelash said federal, state and local branches of law enforcement are all investigating the theft.
ECMC is investigating all aspects and doesn’t know whether this was an inside or outside job.
The press release stated ECMC has arranged with Experian to provide affected individuals with a full suite of credit monitoring and protection service for 12 months at no charge.
The ECMC Web site states affected individuals will be receiving a written notification from ECMC within the next two weeks and no misuse of data has yet been reported.
The notification letter includes the details of the type of information which was stolen, when the crime happened, the known details of the crime, how many people were effected, the law enforcement agencies who are currently working on the case and what ECMC is doing to help affected individuals and how they will try to prevent any further damage.
Kelash urged all who have questions or those who had data protected by ECMC to call (877) 449-3568 or visit the Web site www.ecmc.org for further information.