Although last week’s theft of identity data on 3.3 million people with student loans may not have been the work of hackers, it still underscores the need for organizations to safeguard their private information from every type of crime. In other words, even with the most sophisticated anti-fraud tools in place, a company’s network can still be seriously compromised by a single swipe of a briefcase.
In the article, “Data Theft Hits 3.3 Million Borrowers,” a spokesperson for the victimized Educational Credit Management Corporation (ECMC), a nonprofit company that helps with student loan financing, said the stolen information was on a portable media device. Despite being a simple old-fashioned theft, the company and federal officials believe the incident was the largest-ever breach of such information, which could potentially affect as many as 5% of all federal student-loan borrowers.
While the impact could be devastating, incredibly, this latest incident isn’t all that unique. As the article points out:
“The ECMC incident is the latest in a series of thefts of consumers’ financial data in recent years. Earlier this month, a former employee of HSBC Holdings PLC allegedly stole data on about 24,000 Swiss private-bank accounts. In 2005, 40 million accounts serviced by payment processor CardSystems were compromised. In 2007, TJX Co., the company that owns retailer T.J. Maxx, disclosed that 45 million credit- and debit-card account numbers had been breached.”
According to the Privacy Rights Clearinghouse, over 347 million records containing sensitive information have been compromised in the U.S. since 2005.
The lesson here is data compromise can come in many forms — from highly targeted malware to the simple swiping of a device loaded with sensitive information. As trends in identity theft evolve, organizations need to continually re-evaluate their security strategies to ensure their network and private data is protected against the most sophisticated hacker to a common old-fashioned thief.