If you fell behind in your student loan repayments to the U.S. Education Department, “Mike Doe” (not his real name) may know about it. He didn’t want to know, but a vendor for NCO Financial Systems, the collection agency contracted by USED, recently sent him other students’ loan repayment collection statements.
The statements included the individuals’ names, addresses, account numbers, and loan balances.
Doe contacted DataBreaches.net on March 29th. He also contacted NCO Financial to alert them to the breach, and securely deleted the other individuals’ loan repayment statements from his email.
Today, NCO Financial submitted a breach notification to the California Attorney General’s Office that says that on March 29, their vendor, RevSpring, mistakenly sent an email to a number of loan customers with other borrowers’ information attached: name, address, Social Security number, and account numbers.
Their description corresponds to the date of Doe’s communication to DataBreaches.net, but not totally to the description of what information was disclosed. According to Doe, who sent a redacted copy of his own notice to DataBreaches.net, no Social Security numbers were involved but the loan balances showed as well as creditors. He states he received 2,467 other individuals’ loan repayment reminders.
It appears, then, that there were a total of 2,468 individuals who had their loan details exposed to others in this breach.
Those affected were offered free credit monitoring with Experian ProtectMyID.