Regulators have identified that up to 100,000 student loan applicants could have had their personal information stolen by hackers.
This comes after a “data retrieval tool” that allowed applicants to upload their tax information to the Free Application for Federal Student Aid (FAFSA), which was hacked by criminals. John Koskinen, head Commissioner for the IRS, has been investigating the ways in which the breach could have happened.
The tool that was to blame was shut down in March and will reportedly not be in operation until Autumn 2017. However, although the issue has been resolved, 100,000 innocent students embarking on education have had their personal details potentially released into the hands of criminals.
It’s thought that the criminal(s) gained the students names, dates of birth, and social security numbers. This is sensitive information, and when put together, people may be at risk.
For those of you wondering, a social security number is essentially the US version of a national insurance number in some ways, and they are used for tax, employment, and identification purposes. Furthermore, a social security number can be crucially sensitive, personal information, and it is not something you would want floating around the internet or in the hands of criminals.
“Easily hackable”
The IRS found that the “data retrieval tool” to blame for the leak was easily accessible through using an e-file PIN. After looking through 200 possible ways the hackers could have retrieved the information, it was determined that the cyber-attackers could have signed-on using a persons social security number, name and address.
Speaking to the press, Koskinen expressed that:
“It was clear that some of the activity was legitimate students, some of it was criminals…social security numbers can be bought online for $10 by organized criminals…”
A new system is currently being used while the “data retrieval tool” remains offline while the FSA work on making it more secure.