Tuesday, May 12, 2009

DC agency accidentally emails personal info of student loan applicants

The Office of the State Superintendent of Education (OSSE) of the District of Columbia (Washington DC) accidentally, with an email from a worker in the Higher Education Financial Services Program, accidentally included an attachment that gave out personal information of 2400 applicants and sent it to more than 1000 recipients.

The attachment was an Excel spread sheet, and anyone who (even legitimately) emails a lot of material knows there are ways that sometimes email programs can leave attachments in place for future emails.

The District agency asked all recipients to destroy the copy of the spreadsheet.

This is the third major government personal information breach reported around the country in the past five days. Last week, a major breach was reported at a Virginia agency that could affect millions, theoretically. Another was reported at the University of California.

Bill Turque has the story in The Washington Post, Tuesday May 12, Metro Section, link here.

All of these cases speak to the need for a more systematic due diligence procedure in identifying consumers applying for credit. That’s been proposed on this blog (see Sept. 2006). Yet, “know thy customer” rules have serious hazards, too.

No comments: