
Student loan company stole millions,leaks sensitive phone calls,SSNs,tax records - teslademigod1
https://cybernews.com/security/student-loan-company-stole-millions-leaks-phone-calls-ssns-tax-records/
======
teslademigod1
i think this is pretty important, so i'll TL;DR:

"We recently discovered an unsecured Amazon Simple Storage Service (S3) bucket
that contains more than 55,000 call recordings between loan support workers
and American consumers with outstanding student loans.

This open database also contains more than 25,000 PDFs, many of which are
scans or photos of proof of income (such as pay receipts or tax returns). Both
the proofs of income and call recordings contain the loaners’ social security
numbers, among other sensitive personal data.

The database seems to belong to members of the Student Advocates Group, which
an FTC press release named as a student loan debt relief scheme that “bilked
millions out of consumers by charging illegal upfront fees and falsely
promising to lower or even eliminate consumers’ loan payments or balances.”

Because the bucket contains sensitive data from people across the US,
including California residents, the bucket owner may have to pay damages and
penalties under the CCPA, since:

-The leaked data contains highly personal information (including names plus social security numbers and tax ID numbers,) -The data is both non-encrypted and non-redacted (all samples in this article have been redacted by CyberNews) -The leak is “a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.”"

