An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Justice
Review of Department of Justice Airfares and Booking Fees October 2012 Through June 2013
This report highlighted security vulnerabilities associated with the Federal student aid Personal Identification Number (PIN) Registration System (PIN system) that were identified through various OIG investigations. Vulnerabilities identified included inadequate PIN recovery mechanisms that have the potential to allow unauthorized users to access FSA’s student loan Web sites and databases and obtain sensitive personal information contained in the PIN system; students sharing their PINs with Internet-based loan servicers that provide an opportunity for bad actors at a company to change and misuse the students’ personal data; and third-party FAFSA preparers managing student PINs without identifying themselves on the FAFSA, controlling student PIN accounts, and receiving electronic correspondence from FSA that is intended for the student. We recommended that FSA make specific improvements to its PIN system to ensure personal information stored on its databases and Web sites is adequately protected. We also suggested that the Department consider developing a capability to enable students to permit companies providing loan-related services read-only access to relevant areas of their accounts that do not contain sensitive personal information, and that it create preparer-specific access accounts that would allow a student to authorize a preparer to access and modify only certain sections of the FAFSA.
