03:24 PM

Pop Quiz: Who's Got Access To The Government's Student Loan Data?

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very speci

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very specific requests of the U.S. Education Department and certain members of the student loan industry, asking them to explain a number of their recent actions and apparent conflicts of interest. Speaking as someone with extensive experience with student loans, I say, "It's about time."Monday's lead news story in InformationWeek (which, of course, is available online over the weekend) takes a look at the reasons why Education Secretary Margaret Spellings has blocked businesses within the student loan industry from accessing the department's National Student Loan Data System database, the potential impact this suspension could have on this industry, and why it needed to be done.

While the department itself had been vague about how, exactly, student data was being misused, a conversation I had earlier today with Craig Munier, chairman of the National Direct Student Loan Coalition and director of scholarship and financial aid for the University of Nebraska, Lincoln, shed significant light on the situation.

During a February meeting with members of the National Direct Student Loan Coalition, an alliance of schools participating in the Federal Direct Student Loan Program, Theresa Shaw, chief operating officer Education Department's Office of Federal Student Aid, acknowledged the coalition's concerns that the National Student Loan Data System was being misused by companies within the student loan industry. "We were concerned that they were using the database to raid the direct loan portfolio to the detriment of the loan program and to the detriment of taxpayers," Munier told me. The Federal Direct Student Loan program, which has 1,100 member schools, advocates that borrowers get their education loans directly from their schools, so it competes with many of the companies the Education Department is cracking down on.

"We were looking for guidance from Terry as to why this was happening," said Munier, who was joined by Eileen O'Leary, assistant VP for finance and director of Student Aid and Finance at Stonehill College in Massachusetts, and Nancy Hoover, director of Ohio's Denison University financial aid office, for his meeting with Shaw. Munier told me he was "shocked" to hear that the Education Department was already looking into this matter itself.

Indeed, Shaw told the coalition members that some student loan companies were pinging the National Student Loan Data System several thousand times per minute, Munier says, adding, "This was indicative of a concerted effort to retrieve the database's information for other than its intended purpose."

Munier says that loan companies have for years been mass marketing to students, especially since Congress a few years ago gave the green light for companies to offer consolidation of direct student loans. As student loan payer, I share the concerns brought to the fore by Munier's coalition as well as Sen. Kennedy. It's hard enough repaying tens of thousands of dollars in student loans without having to worry about who's holding my loan and why I'm constantly getting mailed offers for loan consolidation.

There's no question that cutting student loan companies off from the database will hurt these businesses. But if they're guilty of misusing the information contained in the database, they've got no one but themselves to blame. The act of blocking all loan companies from the database is a drastic move, but a necessary one as the Education Department sorts out this mess. Munier believes the situation should never have degraded to the point where even legitimate companies would be shut off from access. "It's so irritating to me because the abuse always comes first with government regulation," he says.

Put another way, reactive regulation:government::oversleeping exam:students.

For extra credit:

In response to allegations that lenders, guarantors, and other student loan companies are misusing information about students and their parents, the Education Department should: 1) Permanently eliminate National Student Loan Data System access to everyone except loan borrowers and their schools. 2) Investigate specific allegations of misuse but allow all other student loan companies to access the database. 3) Be investigated itself, given that the department is responsible for protecting the misused data. 4) None of the above.

Your answer?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Payday Loans
Payday Loans,
User Rank: Apprentice
4/4/2012 | 5:49:14 AM
re: Pop Quiz: Who's Got Access To The Government's Student Loan Data?
Student loans to pay your way through higher education, obtain housing throughout higher education, and pay for other odds-and-ends while while attending higher education. An education relief then takes all these different loans, pays for each of them, at which time you then pay the education relief company for the total amount of loans taken out during higher education.
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What did you expect from this SOC? A unicorn....
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.