Financial aid is a crucial part of the college application process, and for many students that means filling out countless applications for scholarships, grants, and loans. Unfortunately, one of the inherent requirements for requesting large amounts of education money is the release of highly sensitive, personal identifying information.
Nearly two thousand people were informed this week that their applications for college aid from the Lakes Region Scholarship Foundation may have been accessed by an unauthorized person. The information that was possibly compromised includes names, addresses, birth dates, Social Security numbers, and more. As bad as data breaches are, the sad truth to this breach is that it dates back to applications from as far back as 1996 and extends to those submitted through 2009.
But there is an interesting twist to this story, and it’s a shining example of what can happen when an individual is up-to-date on the latest hacking attempts and internet scams. The entire incident came about because an employee at the Foundation received a phone call from an individual who claimed to be an IT professional. The caller stated that the Foundation’s network had been compromised. The employee had just had a pop-up message appear on the computer screen as well, informing them of a potential threat.
Unfortunately, the caller was granted access to the network in order to see if the system was indeed compromised. When the caller said they’d discovered the threat and could remove it for several hundred dollars, the employee immediately recognized a scam. They hung up the phone, shut down and disconnected the computers, and alerted the IT department.
This quick reaction may have prevented a data breach, but the Foundation isn’t taking any chances. While it appears as though the scammer was simply looking for a quick buck for “cleaning” the network, the experts the Foundation called for help did discover a program that was supposed to root out information at a later time. They were able to remove that program and are certain that no financial information or electronic funds were accessed; however, they can’t be positive that the scammer didn’t access the scholarship applicants’ records.
A notification letter has been sent to all of the applicants whose information was stored on the server, alerting them to the possibility that their information was accessed. This step is simply to encourage them to monitor their credit reports carefully for signs of any suspicious activity.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.