WASHINGTON -- Some lending companies with access to a national database that contains confidential information on 60 million student borrowers have repeatedly searched it in ways that violate federal rules, raising alarms about abuse of privacy, government and university officials said.
The unauthorized searching has grown so pervasive that the Education Department is considering a temporary shutdown of the government-run database to review access policies and tighten security.
Some officials worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations.
Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and sensitive financial information such as loan balances are in the database, which is covered by federal privacy laws.
"We are just in shock that student data could be compromised like this," said Nancy Hoover, director of financial aid at Denison University in Ohio.
Education Department spokeswoman Katherine McLane said the agency has spent more than $650,000 since 2003 to safeguard the database. The department has blocked thousands of users it deemed unqualified for access after security reviews, McLane said, and it has blocked 246 users from the student loan industry.
In general, the department allows lenders to search records in the database only if they have a student's permission or a financial relationship with the student. The department has been "vigilant in its monitoring for unauthorized uses" of the database, McLane said.
Concerns about possible abuses of the database are emerging as the student loan industry is under investigation by congressional Democrats and the New York attorney general. Critics say the $85 billion-a-year industry has cozied up to government and university officials who are in the position to help lenders.
The National Student Loan Data System was created in 1993 to help determine whether students are eligible for financial aid and assist in collecting loan payments. About 29,000 university financial aid administrators and 7,500 loan company employees have access to it.
In a recent meeting with university financial aid directors, Theresa Shaw, chief operating officer of the department's Office of Federal Student Aid, which manages the database, said lenders have been mining it for student data with increasing frequency, according to three participants at the meeting.
"She said the data mining had gotten out of control, and they were trying to tone it down," said Eileen O'Leary, director of student aid and finance at Stonehill College of Easton, Mass., who was at the Feb. 26 session. "They'd seen the mining for a few years, but now they felt it had grown exponentially."
The department first noticed a problem in 2003 when loan consolidation became more popular, according to an agency official who spoke on condition of anonymity because of the sensitivity of the matter. As companies began to aggressively look for low-risk borrowers to target for consolidation plans, they turned to the database for prospective customers, the official said.
Users on the system can view only one student record at a time, and the department can monitor each time a user views an entry. "When we see them go in and out very quickly, that's when it raises flags" about data mining, the official said. Such abuse would be a violation of department rules.
Officials grew so concerned that in April 2005, the department sent a letter to database users warning that inappropriate use of the system -- in other words, looking for information without authorization -- could cause their access to be revoked.
The letter said the agency was "specifically troubled" that lenders were giving unauthorized users -- such as marketing firms, collection agencies, and loan brokerage firms -- the ability to access the database.
Through a spokeswoman, Shaw declined to comment.
After the warnings, inappropriate usage of the system seemed to decline.
But several months ago, top managers learned the practice had resumed.
Senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place.
Some financial aid directors say abuse of the database would explain why some students who have taken out loans only directly with the government are deluged by up to a half-dozen solicitations a day from private loan companies.
"Our students are being inundated with marketing from consolidation companies," O'Leary said. "How else are the consolidation companies getting our students' information?"