Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/20/2007
03:24 PM
50%
50%

Pop Quiz: Who's Got Access To The Government's Student Loan Data?

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very speci

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very specific requests of the U.S. Education Department and certain members of the student loan industry, asking them to explain a number of their recent actions and apparent conflicts of interest. Speaking as someone with extensive experience with student loans, I say, "It's about time."Monday's lead news story in InformationWeek (which, of course, is available online over the weekend) takes a look at the reasons why Education Secretary Margaret Spellings has blocked businesses within the student loan industry from accessing the department's National Student Loan Data System database, the potential impact this suspension could have on this industry, and why it needed to be done.

While the department itself had been vague about how, exactly, student data was being misused, a conversation I had earlier today with Craig Munier, chairman of the National Direct Student Loan Coalition and director of scholarship and financial aid for the University of Nebraska, Lincoln, shed significant light on the situation.

During a February meeting with members of the National Direct Student Loan Coalition, an alliance of schools participating in the Federal Direct Student Loan Program, Theresa Shaw, chief operating officer Education Department's Office of Federal Student Aid, acknowledged the coalition's concerns that the National Student Loan Data System was being misused by companies within the student loan industry. "We were concerned that they were using the database to raid the direct loan portfolio to the detriment of the loan program and to the detriment of taxpayers," Munier told me. The Federal Direct Student Loan program, which has 1,100 member schools, advocates that borrowers get their education loans directly from their schools, so it competes with many of the companies the Education Department is cracking down on.

"We were looking for guidance from Terry as to why this was happening," said Munier, who was joined by Eileen O'Leary, assistant VP for finance and director of Student Aid and Finance at Stonehill College in Massachusetts, and Nancy Hoover, director of Ohio's Denison University financial aid office, for his meeting with Shaw. Munier told me he was "shocked" to hear that the Education Department was already looking into this matter itself.

Indeed, Shaw told the coalition members that some student loan companies were pinging the National Student Loan Data System several thousand times per minute, Munier says, adding, "This was indicative of a concerted effort to retrieve the database's information for other than its intended purpose."

Munier says that loan companies have for years been mass marketing to students, especially since Congress a few years ago gave the green light for companies to offer consolidation of direct student loans. As student loan payer, I share the concerns brought to the fore by Munier's coalition as well as Sen. Kennedy. It's hard enough repaying tens of thousands of dollars in student loans without having to worry about who's holding my loan and why I'm constantly getting mailed offers for loan consolidation.

There's no question that cutting student loan companies off from the database will hurt these businesses. But if they're guilty of misusing the information contained in the database, they've got no one but themselves to blame. The act of blocking all loan companies from the database is a drastic move, but a necessary one as the Education Department sorts out this mess. Munier believes the situation should never have degraded to the point where even legitimate companies would be shut off from access. "It's so irritating to me because the abuse always comes first with government regulation," he says.

Put another way, reactive regulation:government::oversleeping exam:students.

For extra credit:

In response to allegations that lenders, guarantors, and other student loan companies are misusing information about students and their parents, the Education Department should: 1) Permanently eliminate National Student Loan Data System access to everyone except loan borrowers and their schools. 2) Investigate specific allegations of misuse but allow all other student loan companies to access the database. 3) Be investigated itself, given that the department is responsible for protecting the misused data. 4) None of the above.

Your answer?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Payday Loans
50%
50%
Payday Loans,
User Rank: Apprentice
4/4/2012 | 5:49:14 AM
re: Pop Quiz: Who's Got Access To The Government's Student Loan Data?
Student loans to pay your way through higher education, obtain housing throughout higher education, and pay for other odds-and-ends while while attending higher education. An education relief then takes all these different loans, pays for each of them, at which time you then pay the education relief company for the total amount of loans taken out during higher education.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.