Access Group Education Lending, the student loan servicing company, has been the subject of a data breach.
Fox Business, citing a letter sent to those impacted, reported that 16,500 borrowers were recently alerted to the fact that files containing their personal data were improperly given to an unnamed business. The data breach occurred on March 23 when Nelnet, a vendor that processes student loans for Access Group, sent out the files.
The breached information included the names, drivers' license numbers and Social Security numbers of borrowers. Access Group said it learned of the incident on March 28, and that the receiving vendor said they deleted the files and did not keep copies. The company didn’t start notifying impacted customers until three weeks after the discovery, according to the report.
Access Group told Associated Press that the exposure was limited and has ended. Those who were impacted are being offered free credit monitoring for 12 months.
"Access Group values the trust our student loan borrowers and co-signers have placed in us, and we hold the privacy of our customers' personal information in the highest regard," the company said. "We regret any concern this incident may have caused our borrowers and we feel confident that we have minimized any threat to their personal information."
Nelnet apologized for the breach in a statement to Fox Business, saying the files were sent by accident to the wrong student loan lender, which spokesman Ben Kiser said is a trusted partner. "Nelnet has no reason to believe the information has been used inappropriately. The data file was sent through an encrypted channel," he said. Kiser noted the lender that received the data recognized the mistake and destroyed the files.