97,000 North Carolinians among student loan data theft victims

RALEIGH, NC — The recent theft of data from a federal student loan guarantor included information about nearly 100,000 North Carolinians, Attorney General Roy Cooper said today.

“With just a few key pieces of information, an identity thief can pretend to be you and run up debts in your name,” said Cooper. “If you learn that your information may be in the wrong hands, act fast to protect yourself.”

With this latest security breach, 450 breaches involving the personal information of millions of people have been reported to Cooper’s office thanks to state laws designed to protect consumers from identity theft. A security breach happens when data or records containing personal information such as Social Security Numbers or bank account numbers are lost, stolen or displayed.

Data was reportedly stolen from the Minnesota headquarters of the Educational Credit Management Corporation sometime between March 20 and 21. According to ECMC’s website, the data, stored on a portable media device, included the names, addresses, birthdates and Social Security Numbers of 3.3 million student loan borrowers nationwide. Bank account or credit card numbers were not included, according to ECMC.

The company has been in contact with Cooper’s office about its security breach, which ECMC says included information about 96,908 North Carolinians. ECMC is currently notifying North Carolina consumers whose information was lost and offering them one free year of credit monitoring.

More than 230 consumers who received breach notification letters from ECMC have contacted the Attorney General’s Consumer Protection Division since last Friday. Some consumers contacted by ECMC may not recognize the name of the company because it insures and services student loans but does not actually make the loans.

“Finding out that your data has been lost or stolen is scary, but there are some simple things you can do to protect yourself, like placing free security freezes on your credit,” Cooper said.

In addition to accepting free credit monitoring or other services offered by ECMC in its letters to consumers, Cooper recommends that people who get a security breach notification alert the credit bureaus, consider getting free security freezes to prevent new accounts from being opened in their names, and continue checking their credit frequently. [See our security breach tips for more details, also available at www.ncdoj.gov]

North Carolinians can request free security freezes by visiting the three major credit bureaus’ secure websites and providing identifying information such as their Social Security Number, address and date of birth. Links to the credit bureaus’ websites are available at www.ncdoj.gov, along with detailed information about how to sign up for security freezes and how to lift one when you need to take out credit. Consumers can lift their security freezes online for free as well.

Consumers who don’t have access to the Internet can request and lift security freezes by mail or telephone for $3 per bureau. Freezes by mail or telephone are free to victims of identity theft and consumers over aged 62.

Under North Carolina laws advocated by Cooper, state and local government as well as businesses must notify consumers if a security breach may have compromised their personal information. They must also report breaches to the Consumer Protection Division.

A total of 450 breaches that involved information about approximately 2.2 million North Carolina consumers have been reported since state laws on security breaches took effect. Businesses have been required to report security breaches since December 1, 2005, and state and local governments have been required to report breaches since October 1, 2006.

Of all of the breaches reported to the Attorney General’s Office, nearly 40 percent involved the theft of laptops, computers or other equipment containing personal information. Nearly 22 percent were caused by unauthorized release or display of information, and almost 20 percent were the result of hackers.

Slightly more than nine percent of breaches reported were due to data stolen by employees or contractors, and slightly less than nine percent were due to data lost in transit. Fewer than one percent of reported breaches were caused by phishing, which happens when criminals send phony emails or text messages that appear to come from a legitimate company and ask for personal information.

Slightly more than 44 percent of all breaches reported came from general businesses, while 35 percent were reported by companies in the financial services and insurance industry. Health care accounted for 7.6 percent, state and local government agencies for six percent, educational institutions for five percent, and non-profit and religious groups for 1.6 percent of breaches reported.

[Read the complete statistics on security breaches reported to the Attorney General’s Office.]

“We pushed for laws that require businesses and government to let you know if you’re the victim of a security breach so that you can move quickly to minimize any damage,” Cooper said.


Leave a Reply

Your email address will not be published. Required fields are marked *