FAFSA data breach: 100,000 people may have had their info compromised


It’s been just a month since the Department of Education turned off a data retrieval tool on its Free Application for Federal Student Aid (FAFSA) because of security concerns.

Now we’re now getting word that up to 100,000 people who used the tool may have had their financial info compromised by hackers.

The head of the IRS, commissioner John Koskinen, revealed the extent of the suspected breach Thursday.

“Fortunately we caught this at the front end,” the IRS commissioner said during a Senate Finance Committee hearing. “Our highest priority is making sure that we protect taxpayers and their identity.”

Read more: SoFi review — Here’s what this unique education lender can do for you

Inside the FAFSA tool data breach

In early March, the DOE disabled the IRS Data Retrieval Tool (DRT) on fafsa.gov and StudentLoans.gov when it became clear that the system may have been breached.

The DRT was a handy application that scraped info from electronically filed tax returns and then auto-populated that info into the FAFSA, making the application process a cinch.

The tool could also be used when applying for an income-driven repayment plan.

Unfortunately, identity thieves who got their hands on the data from the breached tool were using the info to file fake tax returns in taxpayers’ names.

Some 8,000 fraudulent refunds — worth about $30 million — made their way through to criminal hands. But the IRS was able to stop the lion’s share of criminal activity — halting 52,000 bogus returns and preventing 14,000 illegal refunds from getting to the crooks.


Now the IRS Data Retrieval Tool will be offline until fall 2017, when the FAFSA application season begins anew. Extra security layers will be added to the tool in the interim.

“We recognize the burden on applicants if the convenience of the IRS data retrieval return is not available,” Koskinen said in a prepared written statement. “However, in the process of considering potential, short-term technical solutions, we realized that none of them could clearly ensure the protection of student loan applicant financial information.”

You’ll have to manually enter your tax info in the interim

Just because the DRT is knocked out temporarily, that doesn’t mean it has to hamper your ability to fill out the FAFSA.

The workaround is simple: Get out your most recent tax return and manually enter the financial info that’s requested on the FAFSA.

Sure, it’s not convenient, but at least you’ll ensure your info isn’t being comprised!

Read more: Free online courses, lessons and apps that will make you smarter

Your iCloud account could be vulnerable to hackers

  • Show Comments Hide Comments