14 DAY TRIAL // A portable media device, stolen one week ago from a company specializing in student loan bankruptcy services, contained personal identifiable information on over 3.3 million borrowers. The organization will notify the affected individuals and will offer them free credit protection services.
The theft occurred from the offices of Educational Credit Management Corporation (ECMC), one of the top guaranty agencies in the U.S., which is also Department of Education's designated provider for student loan bankruptcy services. The company discovered the device was missing on Sunday, March 21, but was prevented by the ongoing investigation from disclosing any details until last Friday.
The organization said in a press release (PDF) that the data contained full names, addresses, dates of birth and social security numbers (SSNs), which, according to legislation in most states, constitute Personal Identifiable Information (PII). The company stressed, however, that no financial data, such as bank account numbers, was compromised as a result of this incident.
There is no information as to whether this was an opportunistic theft targeting the hardware device itself or not. Because if the actual information contained within was the actual target, it would suggest that the perpetrators had inside knowledge and were familiar with the device's purpose.
"We deeply regret that this incident occurred and the stress it has caused our borrowers and our partners and are doing everything we can to help protect our borrowers' identity and personal information," said Richard Boyle, ECMC's president and CEO. The company will notify the affected individuals via regular mail during the course of the next two weeks.
Experian has been contracted by ECMC to offer free credit protection services to the affected borrowers. This includes credit monitoring, ID theft insurance, fraud alerts and customer support from ID theft specialists.