A state website that contained private information on college students seeking loans may have been compromised as a result of a coding error, the Minnesota Office of Higher Education disclosed Friday.
The agency said that the website, which provides online counseling about college loan programs, contained student names, Social Security numbers and e-mail addresses. But there’s no evidence that anyone’s information was used inappropriately, said Larry Pogemiller, the Commissioner of Higher Education.
Pogemiller said it’s not clear yet how many students had personal information on the site, which is part of the state’s Student Educational Loan Fund (SELF) program. But he said the agency plans to send letters to everyone who may have been affected.
“We don’t have enough information yet to know which students should get this letter,” Pogemiller said. “That’s what they’re trying to find out.”
Normally, only college financial-aid offices are supposed to have access to the student information, Pogemiller said.
The glitch was discovered over the Labor Day weekend by an unidentified University of Minnesota student who happened to log onto the site, Pogemiller said.
While the student was looking up information, the names and Social Security numbers of several other students popped up on the screen, he said.
The student promptly notified the university’s computer security staff, who notified the state agency, said Pogemiller. “Everybody did the right thing. We’re pretty convinced that this is totally inadvertent.”
Still, he added, “We want people to know … and we take it very seriously.”
No financial information
Pogemiller noted that the website does not contain private financial information.
A draft of the letter, which he said will be mailed in the coming weeks, says: “Our investigation does not indicate that your data has been used inappropriately; rather, it indicates only that your data could have been viewed by an unauthorized person.”
It says the coding error was corrected immediately.
But Pogemiller acknowledged that the glitch was probably present for months.
As a result, the letter advises students to “take precautionary measures to protect yourself,” such as monitoring personal credit reports.
The SELF program provides low-interest loans to about 10,000 Minnesotans, Pogemiller said.
But he said the students who used this particular website may or may not be part of that program.
The website is used by students at 87 colleges and universities to take online assessments and obtain information about how loans work.
The assessments often are required by colleges as part of the loan application process.