Forgot your password?
typodupeerror
Privacy Databases Education Programming Software IT

Student Financial Aid Database Being Misused 182

Posted by kdawson
from the six-solicitations-per-day dept.
pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place."
This discussion has been archived. No new comments can be posted.

Student Financial Aid Database Being Misused

Comments Filter:
  • by toodle-lou (1088421) on Sunday April 15, 2007 @11:44PM (#18746827)
    its just a matter of time...everybody's personal data will eventually get misused
  • by Rukie (930506) on Monday April 16, 2007 @12:34AM (#18747105) Homepage Journal
    Considering the fact that eventually someone will gain your information, I do have some fear. Unfortuantely? I do not let fear manipulate me. I'm sure my financial data will get out from a credit card company or an ebay or something. This frightens me a little bit because I will be attending college next year. Fortunately, the school I will be attending is fairly new (the campus, not the school). I do look forward to Rochester Institute of Technology, but now I'm getting off topic. I did notice that as soon as I got a $250 credit card (I know, there's people with $100,000 limits) I immediately started getting other credit card offers for $300 from other entirely unrelated credit card companies. As soon as I applied for one online college site (petersons and collegeboard) I received hundreds of mails and emails for different colleges. They are still contacting me, even after I tell them to remove me from their list. And after the report about how the government recieved a C(-?) on their security, this doesn't surprise me a bit. In fact, I think its hilarious that our government, a society with spies that keeps things secret from its own people, cannot manage security on more public organizations like police departments and the FBI.
  • by Loconut1389 (455297) on Monday April 16, 2007 @12:37AM (#18747125)
    ISU was rumored to have sold off our entire phonebook to marketers for like $2M at one point while I was a student.
  • by jasmak (1007287) on Monday April 16, 2007 @12:43AM (#18747151)
    I am still in college, and currently me and everyone I kno all get tons and tons of letters for consolidations and credit cards. What I think should happens is that everyone should band together against these junkmailing companies to end it(or at least take a shot at the man). Here is how it works:

    1) Open junk mail

    2) Remove return envelope

    3) Fold up the rest of the contents as they arrived and stuff them in the envelope

    4) Send it back to them

    I figure if enough people do this, it can begin to make a dent by doubling how much they pay for each mailing(how many people actually sign up with junkmail anyhow) or at least maybe they will take me off their list(doubtful) but in the worst case... I am giving them they exact pain the inflict on me by having to open worthless mail.

  • Re:Duh... (Score:4, Interesting)

    by Aqua OS X (458522) on Monday April 16, 2007 @12:45AM (#18747165)
    preach on.
    I swear, every week I get some sort of consolidation spam vaguely disguised as a threatening pink or yellow bill.
  • by Anonymous Coward on Monday April 16, 2007 @12:47AM (#18747177)
    File as financially independent, and your EFC is 0. Of course, the IRS might get pissed at your parents if they are claiming to be supporting you.
  • What's the solution? (Score:4, Interesting)

    by Anonymous Coward on Monday April 16, 2007 @01:07AM (#18747261)
    Okay, so reform is needed. But what's the solution, though? Is it legislation-based? Is it market-based? We have to make sure the solution doesn't fuck us over more than the problem it's trying to solve.

    A good example of how a good idea can go wrong is Digg. It addresses one of the sore spots about Slashdot: the ability for anyone to submit news, and immediately have it viewable by others. It also opens up the comment moderation system to everyone. It's the Digg comment moderation I'd like to consider for the moment.

    What we often find is that people in the know get their posts voted down, especially if they say something unpopular (even if completely factual). An example of this is noted Slashdot poster John Randolph, who goes by the handle jcr. He often speaks his mind, and that gets some people at Digg all riled up. So they moderate down his comments. This is especially true in his posts dealing with Apple, where John says it as it is. After all, John worked at Apple for a long time. He knows how things are done there. But that's not good enough for many of the morons at Digg. They bury what are perhaps the most informative, insightful and interesting comments. It's a perfect example of how a system that tries to fix Slashdot ends up being far worse in most cases.

    I could see the same thing happening with proposed solutions to these data protection problems. If it's a legislation-based approach, the law will end up making database server administration far more difficult and time-consuming. A market-based approach will no doubt have even more problems.

  • Re:Hacked? (Score:5, Interesting)

    by epee1221 (873140) on Monday April 16, 2007 @01:09AM (#18747269)
    Exactly. There is no breaking-in going on. TFA says the problem is that lenders are mining in ways that aren't allowed by federal regulations. This leaves a few questions:
    • Why does the database system fulfill illegal search requests?
    • Do those who have been searching illegally still have access? If so, why?
    • What punishment exists for violating the regulations on what searches are allowed?
    • How much of the data stored on each student do these lenders actually have legitimate reason to know?
    • What hoops does a lender have to jump through to get access to the database?
  • by hazem (472289) on Monday April 16, 2007 @02:19AM (#18747553) Journal
    I got my undergrad at Portland State and have recently started taking graduate classes "for fun"... it's been more than 5 years since I attended.

    The particularly obnoxious thing is not getting credit card offers... no... your student i.d. IS a credit card! It's a mastercard. You have to go online to activate it and when you do, you have the option (if you check the box every time it pops up) to NOT have a credit account attached to it.

    In my mind this is even more insidious than the 5 credit card booths between the registrar's office and financial aid, and the pile of credit card apps in your bookstore bag.

    There's no way to avoid getting the card and you have to work to not make it a credit card.
  • by sumdumass (711423) on Monday April 16, 2007 @03:09AM (#18747773) Journal
    When you get these annoying telemarketer calls, regardless of what they are selling, you can stop them easily.

    First, Ask them who they represent. Once they answer with the company they are working for tell them to take you off their list and any other lists they have associated with it and to make sure you don't end back up on the list again. Then tell them your not interested in the of offer and repeat the take me off the list thing again.

    It is important to tell the to take you off the list first because sometimes they will hang up before you can say it after you told them you weren't interested.

    I have heard that if they keep calling you after you told them to take you off the list, you can get something like $500 a pop for each time they call you after. I'm not sure about that specifically but I think the key that really makes this work is that they know you won't buy what they are selling and since you have shown that it angers you to be bothered by them, they move onto someone that will give them a commission or a sale. And trust me, This works quite well in stopping the phone calls. But you have to be specific and keep a record of who is calling. And when you tell them to take you off the list, Don't yell or scream, just speak like you are the principle at a grade school telling a third grader something they did was really bad.
  • Not that simple (Score:5, Interesting)

    by Moraelin (679338) on Monday April 16, 2007 @03:37AM (#18747863) Journal

    I don't give a shit anyway , if it's only going to be email messages. In the worst case they would call ? .. Just hang up.


    It's not that simple. If the database contained only email addresses and telephone numbers, ok, noone would give too much of a shit.

    Unfortunately, by the sound of it, it contains enough data for identity theft. Especially since in America a bunch of idiots decided that the SSN is usable as unique ID and/or password for everything, so anyone who knows yours already won half the battle to impersonate you. Plus the always useful (especially to a crook) information of how elligible for a loan everyone there is.

    So here's a simple scenario: a crook looks through that database, finds a list of kids with upper middle class parents (you don't want to go for billionaire sons, because that might raise suspicions), also finds all the information needed to impersonate any of them to a bank, and takes a hefty "student loan" in the name of each. Just hefty enough to be worth the heist, but not quite close to the limit to raise too much suspicion and verifications. Crook buggers off with the money, and the parents are left to prove that it wasn't their offspring who took the loan. (After a round of inquisition to determine if it really was the son who blew the money on hookers, booze and dope.)
  • by Trojan35 (910785) on Monday April 16, 2007 @03:40AM (#18747871)
    I always like junk mail. It's one more company helping support the USPS, which I find to be very useful and cheap. Their spam keeps my rates down.

    Email on the other hand...
  • Re:Todays mail (Score:2, Interesting)

    by LilWolf (847434) on Monday April 16, 2007 @04:45AM (#18748111)
    Ah, the joys of living in a socialist nation. Free attendance at universities etc. and no need to rack up tens of thousands in loans just to get a chance at decent jobs and the government pays *you* money for studying. If that's not enough to pay for your living you can get a government guaranteed loan.

    The best thing is, you really don't get junk mail from credit card companies or anything like that. If you do, just stick a note on your mail box stating "No advertisements" and the postal office will stop delivering them to you(required by law I believe). Though if they name you as a recipient they'll deliver even ads, but it seems to be quite rare. I've had the "No ads" note up for 3 years and it's a bad month if I get even one advertisement in mail.
  • by 0100010001010011 (652467) on Monday April 16, 2007 @09:42AM (#18749637)
    I've always heard that you get a "RETURN TO SENDER" stamp and start stamping all your junk mail. Eventually stuff will make it back into there system.

    I'm interested if anyone here has tried this and if it works.

    Alternatively does anyone know how to stop the weekly circulars that I get every Thursday? I've had my mail shut off because I was out of town for a few weeks and my (apartment) mailbox became stuffed with these circulars and they thought I moved. I'm tired of throwing these away every week. I asked the mailman once and he said they "had" to deliver them. How much are these companies paying the USPS to get this junk put into my mail? I was considering wrapping them up some week, stamping them RTS and tossing them in the post office bin.
  • by wakingrufus (904726) on Monday April 16, 2007 @11:05AM (#18750633) Homepage
    A few days ago i requested an information packet from a local technical college via an online request form. i used my cell phone for the phone number. Today i received a call from a student loan consolidation company on my cell phone. I missed the call, but called it right back and the guy who answered the phone said he was from this loan consolidation company. I asked why they called me and he asked if i was interested in a student loan. I said I don't have any (I don't) and please take me off your list. He asked what my name was, but I made him look me up by phone number, and when he did he asked me if i was $MY_NAME and attended $THAT_SCHOOL. I denied knowing that person and had him put me down for wrong number. I called the phone number on the schools site, and told them about this, and the girl who answered the phone was just someone who answers the phone and transfers people, and said she had no idea that the personal data gets handed along. Then she asked my name and said she was going to transfer my name to a customer complaint deprtment or some such but i said "No thanks, just pass along the message." Needless to say i will not be attending that school.

The universe is like a safe to which there is a combination -- but the combination is locked up in the safe. -- Peter DeVries

Working...