back to article 8,400 email addresses spaffed by Student Loans Company

The Student Loans Company (SLC) has apologised after inadvertently leaking the email addresses of about 8,400 students this week. Anyone who had got half-way through filling in an application form on the SLC site was sent a motherlode of personal data on Monday: emailed reminders to complete the electronic paperwork included …


This topic is closed for new posts.
  1. El Presidente

    Data breach ? Yes

    Criminals able to track down and exploit individuals with email addresses like or ?

    Not so much.

    1. Z-Eden

      Re: Data breach ? Yes

      No, but you can bet your snakebite and black that some less than salubrious student will decide to bulk his student payments with a sale of a complete list of confirmed active e-mails to spammers.

      1. Graham Bartlett

        "snakebite and black"

        Known as a "purple nasty" when I was at Lufbra and considered something of a local specialty, since purple is the Lufbra team colour.

        1. dogged

          Re: "snakebite and black"

          Around here in the West Country it's called "Red Diesel" although sadly, it's not VAT-free.

    2. Sir Cosmo Bonsor

      Re: Data breach ? Yes

      How did you get my email address!???!

    3. ElReg!comments!Pierre Silver badge

      Re: Data breach ? Yes

      Assuming an homogenous gender distribution that's 4200 email adresses for young ladies who have trouble making ends meet. Now I'm sure I can recoup a significant number of these with a Facebook search to weed out the married or ugly ones and presto! Shuggah daddy comin'. I might even interest some of them in a short length of sidewalk in Shepherds Bush, who knows.

      (of course the most likely consequence will be massive amounts of spam for all involved instead, but that's boring; I prefer my scenario)

      1. Nanki Poo

        @ Graham

        Ah, Lufbra and Purple Nasties! <sigh> I never vomited so much.

        And if you were there in late 80s and in Rugby team, you do not have to drop your shorts every fourth round.

        Every second would have been nice.

        Icon wrong colour...


        1. Zog The Undeniable

          Re: @ Graham

          At Birmingham we had Strawberry Milkshakes. These consist of a top-shelf job in a pint glass (fortunately this is only usually whisky, gin, rum and vodka in the average student bar), creme de cassis to make it pink, avocaat to turn it opaque and then topped up to the brim with lemonade.

          If you drink three of them, you get severe kidney pains.

          Lowenbrau and Diamond White super-snakebites were also incredibly popular.

          These days I doubt I could afford the latter, let alone the former.

          1. dogged

            Re: @ Graham

            The worst snakebites used Diamond Shite and Special Brew (it's central heating for tramps!), occasionally with a double shot of this weird blackcurrant liqueur they had. Brutal.

  2. aBloke FromEarth

    Can you buy email software

    that doesn't even have a "to" or "cc" field?

    1. spodula

      Re: Can you buy email software

      Its the sort of thing thats trivial to write. I did it for a club website a few years ago.

      What i wrote was a small PHP script to monitor an email box, when it recieves an email, from certain email addresses in certain IP ranges, with a certain signature, it will relay it to everyone signed up to the club website that opted in to it.

      Idiot proof, and you can keep your email lists away from people who dont understand the internet.

      (This is not nesseserilly an insult you understand, the people involved were fantastic at what they do, just what they do isnt really technology)

  3. Will 20

    I'm not surprised. They're a cowboy outfit, unfit to be in charge of a paperclip, let alone have a monopoly on student finance.

  4. Anonymous Coward
    Anonymous Coward


    Run all outgoing email through software "at the edge" (is that the correct term?) to ensure anything leaving has the To field entries removed or place in the BCC fields.

    That they think they can get away with sending out a second email asking for the first to be deleted. No doubt the Information Commisioner will do nothing. Some one should be sacked and not necessarily the person that sent the email.

    1. Anonymous Coward
      Anonymous Coward

      Re: OR

      The article says the info was in an attachment - so your suggestion wouldn't have helped in this instance.

      Still a good idea though.

      1. JimmyPage Silver badge

        Re: OR

        but there is software to scan and block attachments for RegExs, we use it as part of PCI-DSS to prevent credit card details being exported ....

  5. Graham Bartlett

    Internal investigation

    I can save them some time. It happened bcos you've got a state-sponsored monopoly so you don't give a damn about the people you're lending money to.

  6. Anonymous Coward

    "..asking all recipients to delete the previous email.."

    yeah like that's gonna happen.

  7. swampdog

    Chris Andrew, company secretary of the Student Loans Company..

    ..", has said bosses have launched an internal investigation".

    Involving a rubber glove, one would hope.

  8. ByeLaw101


    "A spokesperson told The Reg that the money lender quickly realised its mistake and sent out a subsequent email asking all recipients to delete the previous email and attachment"

    Oh, phew... OK... so that's all right then ;)

  9. Joe Harrison Silver badge

    Easy solution?

    Can't they just go into Outlook and click "recall this message" ?

    1. jonathanb Silver badge

      Re: Easy solution?

      I've had a housing association do that three times. As I'm sure most El Reg readers are aware, but it is worth emphasising anyway, what happens when you do that is that Outlook sends out another email cc'ed to everyone on the list saying that the previous message has been recalled.

    2. Anonymous IV

      Re: Easy solution?

      They can - but the recall might work only if the target email server runs Exchange. Emphasis on the "might work"...

      1. jonathanb Silver badge

        Re: Easy solution?

        And saying as they are students who would have applied before getting their university email account, the number of them with exchange servers will be very minimal. It will be mostly be webmail accounts like Gmail and Hotmail.

  10. This post has been deleted by its author

  11. Anonymous Coward
    Anonymous Coward

    They'll still be sitting comfortably

    Their (anonymous looking) offices are a block up the road from mine. A few months ago walking to work I noticed a truck unloading about 100 Hermann Miller Aeron chairs on the pavement outside their office which were then wheeled into the building. Since I know those are about £1,000 each I wanted to know who on earth was spaffing that on office furniture (and not just for the CEO). I mean obviously it was some sort of quango, a private company would never do that, just that I had to check which strangely anonymous public sector gravy train it was.

    Maybe they were so comfortable that they were falling asleep when they sent the email...

  12. Mr Young
    Thumb Up


    I could maybe crowdsource that for a cheap dried noodle bargain?

  13. Ben 56


    Is one virus on any of the machines reading that email and instantly all of those addresses will be spammed and harvested.

    I speak from experience of course when I was wished happy Christmas by some muppet I barely knew one year who addressed a seasons greetings email to some 100+ people on his address book years ago.

  14. Eduard Coli

    Ho hum

    There go all of those outsourcing savings...

    Wait, they already left as executie bonuses.

  15. Christopher Rogers

    I remember ElReg doing something similar.

    1. M Gale

      That was fun.

      "You have new mail"

      Followed by the email client squealing and complaining about the gutbustingly-huge content. Not sure how many lines were in it, but I know my main account's elreg-specific email address was in it.

      Ho hum. Be interesting to see how many spammers/scammers actually use it. Haven't spotted any yet that have made it past my friend Mr Bayes.

  16. vilemeister

    I was going to write to the reg when I got this email, it was very interesting!

    It was also in an attatched csv file.....

  17. Robert Grant

    SLC are the worst

    You can't even log in and check your balance. What sort of 1990s banking operation is this?

  18. Anonymous Coward

    Return to Sender

    I've gone back to a hardcopy planner/address book and calendar. Too many filthy rotten scoundrels slurping up data from mobiles and the what nots of computing convenience. It's enough 'they' track us and pirate our personal data, but now they sell, trade, barter, and leak our information wholesale.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019