Slashdot Mirror

← Back to Stories (view on slashdot.org)

Student Financial Aid Database Being Misused

Posted by kdawson on from the six-solicitations-per-day dept.

pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place."

23 of 182 comments (clear)

  1. All databases eventually get hacked by toodle-lou · · Score: 4, Interesting

    its just a matter of time...everybody's personal data will eventually get misused

    1. Re:All databases eventually get hacked by VirusEqualsVeryYes · · Score: 4, Insightful

      In the worst case they would call ? .. Just hang up.
      So what you're saying is:

      Solution to telemarketers: just hang up!

      Solution to junk mail: just throw it away!

      Solution to spam: just delete it!

      Are you serious?? Are you mad??
  2. Duh... by dal20402 · · Score: 5, Funny

    O rly?

    I would never have guessed that these guys had anything to do with the 2-3 student loan consolidation offers I get per day...

    I'm sure my future, not just this article, is

    from the six-soliciations-per-day dept.
    1. Re:Duh... by Aqua+OS+X · · Score: 3, Interesting

      preach on.
      I swear, every week I get some sort of consolidation spam vaguely disguised as a threatening pink or yellow bill.

      --
      "Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
  3. it's about time, but we should do more by User+956 · · Score: 5, Informative

    The Washington Post reports on the probable abuse of the National Student Loan Data System.

    Well color me surprised. Or not. Anyone in the financial services industry is well aware that students are prime targets for all sorts of jacked-up offers. That data needs protecting, but the whole credit system in this country needs a major overhaul.

    --
    The theory of relativity doesn't work right in Arkansas.
  4. Only $650k? by Anonymous Coward · · Score: 3, Insightful

    Only $650k over a few years to protect that much important data? That's about what the US spends on the Iraqi War _every_six_minutes_. What's wrong with this picture?

  5. Doesn't surprise me. by StarvingSE · · Score: 4, Informative

    After I was done with school, I consolidated my loans with a company that I spent some time actually researching and making sure they were reputable. However, I kept getting 10+ mailings a month from companies wanting to consolidate my loans. Then the phone calls came. I tell them all that I have already consolidated, yet they continue. It is no surprise to me that they are probably getting my info from this database.

    --
    I got nothin'
    1. Re:Doesn't surprise me. by esmrg · · Score: 4, Informative

      Examine what?
      Mail has various rates. If I grab a letter, first thing I look at is the top right hand corner. PRESRT STD. Throw way. No seriously, burn. No need to read or consider $this_offer. If anyone sends you or me anything of even the mildest importance, it's FIRST CLASS. Don't let any of the lies printed across the envelope fool you. Standard mail is always junk. However, many bills are presort first class, so be careful you notice the STANDARD or STD.
      Sometimes the firm may even have the wallet to mail a first class solicitation (although rare). In this case, they probably spent a bit more money to have you throw it away.

  6. It's not the abuse, it's the incompetence by Aluvus · · Score: 4, Funny

    This past week I (a college student, with financial aid) got a letter stating I was pre-approved for a loan of $3,500 on condition of proving I own a home.

    I live in a dorm. At a school in another state.

    Apparently their "prescreening" folks can't even figure things out when they have a large chunk of my personal information staring them in the face.

    --
    Never mistake "can" for "should".
  7. it almost doesn't matter by Loconut1389 · · Score: 4, Interesting

    ISU was rumored to have sold off our entire phonebook to marketers for like $2M at one point while I was a student.

  8. But you can surprise them by Max+Littlemore · · Score: 4, Funny

    Then the phone calls came. I tell them all that I have already consolidated, yet they continue.

    Hi, you called <me/>, first class provider of premium customer service coaching for dodgey loan consolidation services providers. Before we begin, I'm obliged to tell you that this call is being recorded for customer service and validation reasons and that by continuing to use this coaching service, you are agreeing on behalf of your dodgey loan consolidation service provider to be bound by the terms and conditions available online at <free_host_where_I_posted_an_outrageous_contract>. Also you are reminded that if this is a second call by a respresentative of the dodgey loan consolidation service provider you represent, you are agreeing their behalf to the conditions of our $250000 per minute premium service as described in section 3.6a subsection z of the contract found at <free_host_where_I_posted_an_outrageous_contract>, do you understand?

    .....
    If things get any further.....
    .....

    Thank you, but I have already consolidated my loans and I'm really not interested.

    Now I would advise, in order to provide the best possible customer service, you hang up. If this doesn't work for you, please call back for a premium consultation. Have a nice day. *click*

    --
    I don't therefore I'm not.
    1. Re:But you can surprise them by sumdumass · · Score: 3, Interesting

      When you get these annoying telemarketer calls, regardless of what they are selling, you can stop them easily.

      First, Ask them who they represent. Once they answer with the company they are working for tell them to take you off their list and any other lists they have associated with it and to make sure you don't end back up on the list again. Then tell them your not interested in the of offer and repeat the take me off the list thing again.

      It is important to tell the to take you off the list first because sometimes they will hang up before you can say it after you told them you weren't interested.

      I have heard that if they keep calling you after you told them to take you off the list, you can get something like $500 a pop for each time they call you after. I'm not sure about that specifically but I think the key that really makes this work is that they know you won't buy what they are selling and since you have shown that it angers you to be bothered by them, they move onto someone that will give them a commission or a sale. And trust me, This works quite well in stopping the phone calls. But you have to be specific and keep a record of who is calling. And when you tell them to take you off the list, Don't yell or scream, just speak like you are the principle at a grade school telling a third grader something they did was really bad.

  9. My stragegy for stopping the junk mail... by jasmak · · Score: 5, Interesting
    I am still in college, and currently me and everyone I kno all get tons and tons of letters for consolidations and credit cards. What I think should happens is that everyone should band together against these junkmailing companies to end it(or at least take a shot at the man). Here is how it works:

    1) Open junk mail

    2) Remove return envelope

    3) Fold up the rest of the contents as they arrived and stuff them in the envelope

    4) Send it back to them

    I figure if enough people do this, it can begin to make a dent by doubling how much they pay for each mailing(how many people actually sign up with junkmail anyhow) or at least maybe they will take me off their list(doubtful) but in the worst case... I am giving them they exact pain the inflict on me by having to open worthless mail.

    --
    It is the mark of an educated mind to be able to entertain a thought without accepting it.
    1. Re:My stragegy for stopping the junk mail... by threephaseboy · · Score: 3, Informative

      Yep, That'll stop them :)

      --
      .
    2. Re:My stragegy for stopping the junk mail... by Emperor+Tiberius · · Score: 3, Insightful

      I get consolidation offers every week. Like most physical spam, I toss it in my shred bag. When the bag gets sufficiently full, I shred it.

      Now these scum bags are sending offers in envelopes that say things like "final notice," and "government notice." Shouldn't this be illegal? Now I actually have to examine some of the more deceiving items to make sure they're not real.

    3. Re:My stragegy for stopping the junk mail... by DoofusOfDeath · · Score: 3, Funny

      I am still in college, and currently me and everyone I kno

      Best. Quote. Ever. :)

  10. What's the solution? by Anonymous Coward · · Score: 4, Interesting

    Okay, so reform is needed. But what's the solution, though? Is it legislation-based? Is it market-based? We have to make sure the solution doesn't fuck us over more than the problem it's trying to solve.

    A good example of how a good idea can go wrong is Digg. It addresses one of the sore spots about Slashdot: the ability for anyone to submit news, and immediately have it viewable by others. It also opens up the comment moderation system to everyone. It's the Digg comment moderation I'd like to consider for the moment.

    What we often find is that people in the know get their posts voted down, especially if they say something unpopular (even if completely factual). An example of this is noted Slashdot poster John Randolph, who goes by the handle jcr. He often speaks his mind, and that gets some people at Digg all riled up. So they moderate down his comments. This is especially true in his posts dealing with Apple, where John says it as it is. After all, John worked at Apple for a long time. He knows how things are done there. But that's not good enough for many of the morons at Digg. They bury what are perhaps the most informative, insightful and interesting comments. It's a perfect example of how a system that tries to fix Slashdot ends up being far worse in most cases.

    I could see the same thing happening with proposed solutions to these data protection problems. If it's a legislation-based approach, the law will end up making database server administration far more difficult and time-consuming. A market-based approach will no doubt have even more problems.

  11. Re:Hacked? by epee1221 · · Score: 5, Interesting
    Exactly. There is no breaking-in going on. TFA says the problem is that lenders are mining in ways that aren't allowed by federal regulations. This leaves a few questions:
    • Why does the database system fulfill illegal search requests?
    • Do those who have been searching illegally still have access? If so, why?
    • What punishment exists for violating the regulations on what searches are allowed?
    • How much of the data stored on each student do these lenders actually have legitimate reason to know?
    • What hoops does a lender have to jump through to get access to the database?
    --
    "The use-mention distinction" is not "enforced here."
  12. What you should have typed. by techno-vampire · · Score: 3, Funny
    I am still in college, and currently me and everyone I kno...


    ...flunks English.

    --
    Good, inexpensive web hosting
  13. Re:The number of credit card offers... by hazem · · Score: 4, Interesting

    I got my undergrad at Portland State and have recently started taking graduate classes "for fun"... it's been more than 5 years since I attended.

    The particularly obnoxious thing is not getting credit card offers... no... your student i.d. IS a credit card! It's a mastercard. You have to go online to activate it and when you do, you have the option (if you check the box every time it pops up) to NOT have a credit account attached to it.

    In my mind this is even more insidious than the 5 credit card booths between the registrar's office and financial aid, and the pile of credit card apps in your bookstore bag.

    There's no way to avoid getting the card and you have to work to not make it a credit card.

  14. Not that simple by Moraelin · · Score: 5, Interesting

    I don't give a shit anyway , if it's only going to be email messages. In the worst case they would call ? .. Just hang up.


    It's not that simple. If the database contained only email addresses and telephone numbers, ok, noone would give too much of a shit.

    Unfortunately, by the sound of it, it contains enough data for identity theft. Especially since in America a bunch of idiots decided that the SSN is usable as unique ID and/or password for everything, so anyone who knows yours already won half the battle to impersonate you. Plus the always useful (especially to a crook) information of how elligible for a loan everyone there is.

    So here's a simple scenario: a crook looks through that database, finds a list of kids with upper middle class parents (you don't want to go for billionaire sons, because that might raise suspicions), also finds all the information needed to impersonate any of them to a bank, and takes a hefty "student loan" in the name of each. Just hefty enough to be worth the heist, but not quite close to the limit to raise too much suspicion and verifications. Crook buggers off with the money, and the parents are left to prove that it wasn't their offspring who took the loan. (After a round of inquisition to determine if it really was the son who blew the money on hookers, booze and dope.)
    --
    A polar bear is a cartesian bear after a coordinate transform.
    1. Re:Not that simple by StarvingSE · · Score: 3, Insightful

      Not if you apply for something such as a credit card through the mail or online. All you need is name, address, phone, and social security number and you have a credit card in that person's name. In the US, the social security number is the only piece of info most companies need to extend you credit, and then link that account to your credit rating. If the US government really wanted to go after identity theft, they would require physical ID or even lessen the power of the social security number. However, [my speculation]credit card lobbyists [/my speculation] and a "don't care" attitude to really solve the problem from a government stand-point means that the problem will only get worse.

      --
      I got nothin'
  15. link (.pdf) to privacy policy by ushering05401 · · Score: 4, Informative

    i posted this lower in the thread so it will probably be buried. check out #3, item (d).

    link:http://www.ed.gov/notices/pia/nslds.pdf

    they sell to 'servicers' of educational institutions and i am guessing y'all signed off on it. if you are pissed about this issue a good question might be how someone is classified as a servicer.

    regards.