State higher-education officials say a coding error in a state college-loan website has turned out to be much less threatening than once thought.
The glitch enabled unauthorized access to the personal data of up to 1,330 SELF Loan applicants between October 2013 and Sept. 2, the day officials corrected it, according to Sandy Connolly, communications director for the state Office of Higher Education.
During that period, she said, the site was accessed without proper authorization three times — each time by a different unwitting student. Officials see no signs of hacking or downloading of sensitive data.
“We are very relieved,” Connolly said. “We think this is a best-case scenario.”
The data included names, email addresses and Social Security numbers. The accounts in question are a fraction of the more than 100,000 accounts on the website.
State officials say no other financial information — such as loan data — was on the site.
Authorities discovered the error Sept. 2 after they were contacted by a University of Minnesota student who’d seen names and private data on the site. Staff immediately corrected the error.
Connolly said that in addition to the U of M student, students from both Minnesota State University – Mankato and The Travel Academy each made an unauthorized visit to the site.
She said they inadvertently logged onto the site as administrators instead of students — something the glitch enabled. Connolly said officials don’t know how long students were on the site or how much information they saw.
“It doesn’t appear that there’s any misuse,” she said.
The state contacted the holders of the 1,300 accounts. It has also removed Social Security numbers from the website.
Although even one compromised account is serious, Connolly said, the situation turned out as well as it could have.
She said, “We feel confident that the site is secure — even more secure now than it was before the coding error.”
Here’s a report that the state is making available to the accounts involved: