In discussing the huge Educational Credit Management Corp data breach previously covered on this site, Rick Karlin of the Times Union mentions a second and unrelated breach, this one by New York’s Higher Education Services Corp:
[The breach] happened back in December when 1,433 e-mails from HESC ran into a “process error” by which the last name and Social Security numbers of borrowers are believed to have gone through Internet servers outside of the agency’s control.
HESC sent out letters to the people affected and like the ECMC security breach, it was listed last month on a Data Breach report maintained by the state Consumer Protection Board.
After such a breach has occurred, the organizations that had the data are required by law to inform people that it happened, said Jorge Montalvo a spokesman for the CPB.
Additionally, the firms are offering free credit monitoring to people to ensure they haven’t become unwitting victims of identity theft. “Once someone has the combination of a few things — name, date of birth, Social Security — (you) could be come a victim,” said Montalvo.