A subsidiary of the Student Loans Company has admitted accidentally sending out an email that included the email addresses of all 8,000 recipients.

Student England Finance has apologised for the data breach, which it says was due to an administrative error. The breach took place on Monday, and affected students who are due to start university later this year.

In December 2011, the Metropolitan Police’s e-crime unit arrested six people in connection with a phishing scam that targetted student loan recipients. Victims were sent what appeared to be an official email from the Student Loans Company, asking them to update their bank account details.
 
If they did so, the criminals stole between £1,000 and £5,000 from their accounts. The Met said the scammers stole up to £1 million in this way.

"A great deal of personal information was compromised and cleverly exploited for substantial profits," detective inspector Mark Raymond said at the time.

After those arrests, Information Age asked the Student Loans Company in a Freedom of Information Act request whether it had suffered any major data breaches in the last five years.

Of the 15 data breaches suffered by the SLC during that period, only one involved the disclosure of customer information to a third party. Details of that data breach are due to be revealed in the SLC’s annual report, due in June or July this year, it said.