The Department of Education came under criticism last week from student borrowers and Senate Democrats for an online-security breach that occurred over three days at the beginning of the week.
Because of a bug in the system, introduced during a scheduled software upgrade, some student-loan borrowers who logged on to parts of the department’s Web site saw other borrowers’ personal information, including names, addresses, Social Security numbers, and dates of birth.
Nancy A. Newark, 38, was updating her personal information on the site Aug. 21 when she was inexplicably routed to another page containing someone else’s private data, she said in an interview.
Ms. Newark, a Westwood, Mass., lawyer, said that happened three more times before she called the Education Department to report the problem. She said the department took down at least parts of its Web site on the morning of Aug. 22.
The breach affected people who have borrowed student loans directly from the federal government, rather than through a private lender. About 6.4 million people have outstanding loans in the program, according to an Education Department official quoted in TheBoston Globe, which first disclosed the problem in a story on Aug. 23.
Hudson La Force, a senior counsel to Secretary of Education Margaret Spellings, told the Globe that four people had called to complain about the problem since Aug. 20. He said the department would not put the information back online until officials were assured it was secure, although he was unsure how long that would take.
Mr. La Force also told the Globe he was not sure how many borrowers were affected by the glitch, but said “we think the effect is pretty limited.”
A department spokeswoman did not return calls from Education Week before deadline.
Such assurances are little comfort to Ms. Newark.
“Now that I’m hearing a lot of ‘we thinks’ and ‘it appears,’ I’m very concerned,” she said in the interview. “I know that I have to remain vigilant.”
The incident prompted harsh words from Senate Democrats. In an Aug. 23 statement, the Senate Democratic Communications Center cited recent electronic-security troubles in the Education Department and several other federal agencies.
“The Bush record on securing government and personal data is one of blundering mismanagement,” the Democrats’ statement said.
