Business Fraud: Educational Credit Management Corp.

Only available on StudyMode
  • Download(s) : 130
  • Published : April 17, 2011
Open Document
Text Preview
Educational Credit Management Corp - ECMC, a student loan guarantee agency based off of Minnesota, announced on March 2010 that there was a security breach in their establishment. Student loan borrowers had their personal information (names, social security numbers, addresses, and dates of birth at a minimum) stolen off of the premises via “portable media”. In the article, Data Theft Hits 3.3 Million Borrowers, Pilon noted that this is believed to be the largest data breach of its kind and “could affect as many as 5% of all federal student-loan borrowers” (Para. 1).

As a precaution, ECMC made arrangements with Experian, the credit protection agency, to provide credit monitoring services to borrowers affected by the data breach. In addition to the free credit monitoring services, borrowers will also be given identity theft insurance coverage (Karnowski, 2010, para. 5).

There are several types of security controls to prevent systems and/or information breach. The three controls that were apparently absent from ECMC headquarters were: Authentication controls, physical access controls and training controls. According to the text, Accounting Information Systems, Romney (2009) distinguishes these as Preventative Controls (pp. 259)

ECMC was very careful in giving details about the data breach, including if the perpetrator was known, so assumptions are necessary in identifying the control issues that were compromised in this case. According to Romney, authentication controls are those that focus on verifying the identity of the person attempting to access the system (pp. 259). It is possible that ECMC failed to require authentication controls from their employees. If employees were required to have ID badges or passwords to gain access to content sensitive areas perhaps the breach wouldn’t have happened. Although it is unknown who the perpetrator was, it is possible that the portable media device containing the borrower’s personal information was...
tracking img