Promises of Debt Relief Meet Privacy Concerns

Dan Bauman
The Chronicle of Higher Education

πŸ”— The Pitch: Debt Relief. The Reality: Borrowers May Pay More.
πŸ”— I Called 4 Companies for Advice on My Student Debt. This Is What I Learned.
πŸ”— A Glimpse at the Connections Among 7 Debt-Relief Companies

Social Security numbers, email addresses, phone numbers, and student-loan balances—that’s the information Len R. Breidert, a former employee of a student-loan consolidation company, was able to mine from a government database of student-loan borrowers between 2005 and 2007.

Mr. Breidert had intended to use the data for marketing purposes, according to a government report, but his plan fell apart in 2007, when federal agents raided the Florida office of his then-employer, Student Funding Services. Two years later, the former financial specialist pleaded guilty to fraud in connection with computers and privacy violations, agreeing to serve one year of probation and pay $385 in restitution.

Student-debt relief companies have recently come under increased scrutiny from government agencies and consumer watchdogs, who say that many of the services offered by the firms can be obtained from the federal government at no cost and with little effort.

In an article published last week, The Chronicle examined how some student-debt relief companies entice borrowers with promises of loan consolidation, debt forgiveness, and lower payments. Simultaneously, these companies play up the complexity of the application process and the need for an expert.

But while the consumer-protection issues surrounding the industry have drawn attention, another area is also starting to receive focus: borrower privacy.

The privacy concerns center around the government database mined by Mr. Breidert, the National Student Loan Data System. The system, known as NSLDS, is a database maintained by the Education Department that houses the personal and financial information of millions of borrowers. While the database is confidential, employees for third-party companies (such as lenders, colleges, and debt-relief companies) can use the system for government-sanctioned purposes. In Mr. Breidert’s case, he was given access to the database so he could review the loan histories of clients who were interested in consolidating their federal student loans.

Around the same time that Mr. Breidert’s plea agreement was entered, employees at two other student-debt relief companies were also prosecuted for misusing the database.

According to a department report to Congress, a marketing director at University Financial Lending Services assigned the NSLDS user accounts of other employees to company managers whose own accounts had been revoked “because of abuse of the NSLDS system.” The company’s marketing director, David M. Brabson, pleaded guilty in 2009 to fraud charges and privacy violations. He was sentenced to one year of probation and was ordered to pay approximately $980 in restitution.

Mark M. Bullock, a manager at EDU Debt Solutions in Florida, received a similar penalty—two years’ probation and $730 in restitution—after he instructed employees to fraudulently obtain NSLDS accounts.

A Caution Against PIN-Sharing

But privacy concerns don’t begin and end with acts of fraud. Two weeks ago, the Education Department issued a warning to borrowers about student-debt relief companies. The department cautioned borrowers against trading personal information for private-sector assistance with student-loan consolidation.

An investigation by the department’s inspector general found that some borrowers were sharing their federal student-loan personal-identity numbers with companies in the loan-service industry. According to a September 2013 report describing the inspector general’s findings, PIN sharing can create an opportunity for bad actors “to change and misuse the students’ personal data.” Under the most-optimistic scenario, a debt-relief sales agent can use a borrower’s PIN to log into the student-loan database, assess an individual borrower’s debt burden, and provide the borrower with options for consolidation and repayment.

But as Joyce DeMoss, student-loan ombudsman for the department’s Federal Student Aid office, pointed out in a blog post two weeks ago, a borrower’s PIN is much more than a government-issued username and password.

“Your PIN is the equivalent of your signature on any documents related to your student loan,” Ms. DeMoss wrote. “If you give your PIN away, you give others the power to perform actions on your student loan on your behalf.”

On its website, the department tells borrowers to avoid giving PINs to any third party, as such disclosures can lead to identity theft.

Last year, the National Consumer Law Center released a scathing report on the debt-relief industry and its practices. Since then, the consumer group has received complaints from borrowers who say they were pressured to give their personal information to debt-relief companies. Deanne Loonin, who wrote the report for the law center, said her organization was particularly concerned about how some debt-relief companies might use borrower information after the firm’s services to the borrower are terminated.

“Will they continue to look at the borrower’s loan information over time? Will they use that as a marketing opportunity if they see that a borrower has gotten a new loan or is in trouble on the loan?” Ms. Loonin asked.

A representative of the Association for Student Loan Relief, which describes itself on its website as “the leading association of professionals associated with the sole purpose of assisting Americans burdened with student loan debt,” said in an email that the organization supports the department’s privacy efforts and encourages legal compliance. When asked to comment on the practices of firms referenced in this article, the association said that its mission was “purely educational” and that the group doesn’t “really get into the details” of privacy violations.