A database containing the personal and financial details of almost 60 million students had constantly been accessed by some lending companies in a manner that violated federal privacy laws.
According to the Washington Post article, the database contains everything required to steal a person's identity, including students' names, Social Security numbers, addresses, phone numbers, birth dates and phone numbers as well as information on loan balances.
It seems that some lending companies have given unauthorized users, such as marketing companies, access to the data in the database on a regular basis, according to the Post's article.
"We are just in shock that student data could be compromised like this," Nancy Hoover, director of financial aid at Denison University, told the Washington Post.
The exposure comes as some lending companies and schools are under fire for inappropriate relations. At least three financial aid directors at various schools have resigned positions or been put on administrative leave after ties with student-lending firm Student Loan Xpress were uncovered.
The possible inappropriate access of a database on 60 million students puts the breach in the same category as the repeated breaches of retail giant TJX that led to the leak of at least 46.5 million credit-card numbers and the attack on CardSystems Solutions that resulted in the possible compromise of some 40 million credit-card numbers.
Officials at the U.S. Department of Education are mulling a possible shut down of the database system while access policies and security are tightened, according to the Post.
