http://www.azcentral.com/arizonarepublic/local/articles/0722loan0722.html By Laura Houston The Arizona Republic July 22, 2006 Maricopa Community Colleges is taking a second look at a contract with a national loan company to provide student tuition services after the company lost information on 188,000 customers. The district's governing board is slated to approve a contract with NelNet at its Tuesday meeting without discussion. The agreement effectively would make available loan services to about 280,000 students enrolled in the district's 10 colleges and two skill centers. Students would pay all fees for the service. There would be no charge to the district. College district officials heard about the security breach Thursday, said Debra Thompson, district vice chancellor for business services. They were wanting to see how much responsibility NelNet bore in the loss of the data, which United Parcel Service shipped from Aurora, Colo., near Denver. Most, if not all, of the customers whose information has been lost are from Colorado, said Cheryl Watson, chief communications officer for NelNet. The data, stored on magnetic tape in a single box, were reported lost Monday and had not been recovered by Friday afternoon, Watson said. Customers were notified as a courtesy, she said, because the company was "not technically required to notify them." "In all likelihood, the tape was probably destroyed in the UPS facility," Watson said Friday. "We're just doing what is in the best interest of the students." A district committee approved the NelNet contract after a bidding process that began no later than May, Thompson said. The new system would be in place by October so that students could use it during spring 2007 class registration, according to the district governing board's agenda item. NelNet is a national student tuition payment company with more than $21.6 billion in net student loan assets reported in March. Thompson said that in light of the recent incident, the district would reassess its contract award to the company. The contract would create a computerized system in which students sign on with NelNet and are charged a $20 convenience fee per payment to break up their tuition cost over as many as six payments instead of making the payment in one lump sum, Thompson said. The way NelNet was transporting the sensitive information was "relatively historic and archaic," said Darrel Huish, associate vice chancellor of information technology with Maricopa Community Colleges. "I'm sure they would be reviewing their policies and procedures. We want to make sure their response is appropriate for the incident," he said. NelNet representatives have said this was a "routine shipment" and stressed that the magnetic tape on which the data are stored is secure because it requires sophisticated equipment to be read and used. But that's not any reason to feel secure, said Todd Davis, CEO of LifeLock, a Chandler-based identity-theft prevention company with a growing clientele among colleges and universities nationwide. "Identity theft is a $55 billion-a-year industry," Davis said Friday. "They (criminals) have all the technology they need to read magnetic tape. They have all the resources they need." _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jul 24 2006 - 00:40:36 PDT