Press Release , The EMCO/Hanover Group

[Home Icon][What's New Icon][Products Icon][Feedback Icon][Search Icon]

ECMC Student's Identity compromised?
April 20, 2010

As an expert in financial institutional management, I have received numerous calls from fearful "victimized" students and American citizens, in the ECMC case. They are quite concerned about their personal identities at risk on a daily basis, due to what might be considered negligence, not only by the ECMC theft incident, but also by medical offices, banks, and other institutions, where personal information is stored. As we all know, there have been countless reports of this criminal activity and Americans are becoming not only concerned, but are fed up with the negligence and lack of safe-guarding their personal information.

Who do we believe and trust in America these days to do what is right? -- The police and their reports, media articles and lawyers, or ourselves? The question at hand in the ECMC case, should students stand up and fight alone for the right to have their personal identities protected? This is not limited to 3.3 million students, whose identities were compromised. In my professional opinion, this is not only a case of "Identity Theft," but a real issue of "Gross Negligence," not just by ECMC, but literally hundreds of thousands of businesses in America today, involved with the same issue.

Also concerning is a recent reported incident by the news media, involving an undisclosed Police Department in Los Angeles County, where boxes of victim's person records were left in an open garage, accessible to the general public and potential thieves. As we are aware, it has also been reported numerous times, involving medical centers throwing patients medical records in dumpster's, without first shredding them. Where will our vulnerability end?

Specifically, in the ECMC case, where the student loans are handled (a loan company located in Oakdale, MN.), whom handles student loans, (with some, not all, in default or in bankruptcy), many students received a letter, informing them that their personal identities (social security number, DOB, addresses) were stolen. Here, ECMC discovered the theft and reported it to the police on Sunday, March 21, 2010. However, dates of letters to the students were not sent out until, March 31, 2010 - some 10 days later. Even more concerning, many students did not received their letters until April 10, 2010 - almost a month later. Equally concerning, is that there was no police report attached to the letters, and students were informed that they may contact the Oakdale Police Department for a copy of the theft report.

From what I understand, when many students contacted the Police Department or ECMC for a copy of the "Theft" report, in which the phone number of ECMC was covered up by pen marks - a highly questionable procedure. As satisfaction, students were invited to contact Experian Credit Reporting Agency in order to receive one, free year, credit report to protect themselves. Obviously, many students felt that this was not an acceptable offer and thus declined. I cannot believe that this was sufficient restitution from ECMC for what appears to be "Gross Negligence" in this potential victimization, particularly when a foundation in the American Financial Market is one's credit report. Not only do I believe that ECMC was not prompt in their attempt to contact each student affected, but also they did not even offer an "effected" solution in my opinion.

Based on what was found on the Internet, many of the students questioned whether the letter sent by ECMC and the explanation given by the Police Department was not an intentional scam sent via the U.S. mail. While many proceeded to check the Internet to seek the truth in the matter, a number of them inquired at ECMC to discuss the details further. One student in particular, called ECMC, and a man answered the phone, asking her for her Social Security number. She replied with caution, "The entire social security number?" The employee replied, "Yes, I need it to input it in to our system to see if you were a victim." She obliged, with great hesitation! Then gave him her 9-digit Social Security number, thus enabling him to further confirm her personage as a potential victim, while risking her identity again.

Days later, as the ECMC story became more public through media attention, literally thousands of Blogs on many Internet sites including, YAHOO, sprang forth from confused, angry and concerned students, as to whether it was a scam. And why were not some students not informed via a letter from ECMC of the theft? Bloggers sarcastically continue to post as the story of the ECMC theft continues to change. "There are far too many holes of contradiction in this story to be believed!" One Blogger wrote. Many students and the general public believe this to be an "Inside-job."

Amongst the YAHOO Blogs, one in particular stands out: A man, claiming to have been hired by ECMC for the "THEFT" Call-Center, wrote that he was one of 300 employees hired in 3 days-specifically to take calls from potential victims. He mentioned that during his employment at ECMC, "a handful of representatives were fired after their calls were monitored and were considered, unprofessional.." I believe, students have fallen victim to further "Negligence" and "Victimization" as numerous Social Security numbers are now floating in the minds of former "Quasi-ECMC-Employees."

ECMC's Spokesperson Paul Kelash said, "It was simple Old-fashioned theft." he continued, "It was not a hacker incident." Puzzling, this statement was for whom? Was it the intent to calm the nerves of the student victims and their families, in order to move forward with their lives? What is to be considered an "old-fashion theft?" Theft is theft, Negligence is Negligence and Victimization is Victimization and we are ALL vulnerable. Terrorism is terrorism and it is alive and well in America when we allow any criminal element easy-immediate access to our privacy. Tougher laws, predefined penalties, need to be enacted in order to prevent such cases from ever happening again in America. Have we become complacent, waiting for all to be directly affected? Hopefully, this student incident will wake up America!

Sadly however, the punishment for such a crime is only 5 years and potentially a maximum fine of up to a $10,000.00. Should Tax-paying Americans now feel comfortable, knowing that their money is being well spent -- housing the thief, whom can sleep with a roof over their head, eat three-square meals a day, watch TV, work out in a gym and possibly have a reality show on the History Channel - "Breakout."

Continuing with the ECMC incident, the questions is: was this an inside job? There have been so many conflicting stories and these stories seem to change on a daily basis. What is the truth? Perhaps just using common sense, the public and victims may figure it out themselves, noting the old "5-W" adverbial of "Who, What, When, Where and Why?" Remember, when a thief wants money, they rob a bank, store, gas station or any other financial institution, where they KNOW there are better odds at stealing money. Why would "Joe Schmoe or Schmoes" enter offices (supposedly having to have key-cards to enter) where they are not sure what they will find? Funny, a student showed me a copy of the Police report from ECMC and it stated one safe was stolen. However, we are informed that two safes, not one, were involved.

Further, did the "thieves" just happen to have two dollies in their vehicle at the time of the theft? Think of making two trips to the office, confiscating 2-200 lb safes, rolling them to a car--without anybody seeing what was happening? And no one witnesses this.

Why were there no security guards, gates, alarm systems or electronic surveillance on the premises, which houses literally hundreds, possibly even thousands, of move-able CD's of Americans, including student's lives recorded on them? Even security surveillance systems, typically required and all governmental "confidential" programs, of this nature, would have solved this problem.

Another question: does ECMC operate in the same location as Imation? Unbelievable that a highly "sensitive" national corporation did not have surveillance cameras, particularly in light of Imation having a 50 year contract with the United States Government. As evidence on Google Earth per the Oakdale Police Department's "Theft Report." Note the address of both, and where the crime took place and personal records were stored. Again, unbelievable, no security gates. There you will see a photo of the property, where many American personal identities are stored.

Funny too, in one press release, it was reported that the call came in on either Saturday or Sunday. Ironically, an employee who discovered the theft was at the office on either day.. Can you believe no one can answer as to what day the theft occurred? Further, what caused an employee to be in ECMC or Imations office on the weekend? And no satisfactory answer by the police?

Another question: the location--3500 North Knox Ave, Oakdale 55412, where the police discovered the CD's in a dumpster, and safes nearby. Amazing, a student went to Googled-Earth, imputing the provided address and found a Satellite photo of a Train Depot with over 30+ cargo containers in the yard. Unanswered: how close was the dumpster to the train depot? Were the CD's and safes dropped off at a train depot dumpster? If one were to speculate, it would seem there would be two thieves, with two dollies, using one van, to conceal the safes from view of witnesses. Perhaps, one thief drove to the location-approximately 22 miles from 1 Imation Place (Oakdale MN 55128) while the other attempted to open the safes in the back of the van and remove the contents while in transit.

Now, comes the real question: was there a computer in the van to copy the discs in order to decrypt them at later date? Further, why did they drive to to 3500 North Knox Ave, to dumped the evidence? One report stated that the discovery was made by a neighbor in the alley. Why would a thief choose an alley to dump the safes and the CD's when there is a greater probability of witnesses? Are we to assume, the thieves are "Green" conscious of littering planet earth? Why were the CDs and safes dumped in a location, far from any witnesses, and causing Law Enforcement more difficulty in finding them?

Now I can see why the Internet is buzzing with crazed Americans, at how one person could carry 2 - 200 lbs safes and then deliver them unopened and unnoticed to a police station? That's another unbelievable con cocked story. Then, Americans heard and read, another contradiction-that the one safe was found opened with the CD's found in a dumpster not far from the safe.

What happened to the second safe? I guess they want the reader to believe that there is nothing of importance in the second safe. Then why was it stolen? Now I know why the public is not "Buying the goods!" Understandable, students on the Blog are not buying the story. Can a forensic expert honestly say or give proof as to whether or not any CD has been copied?Y

Yes Mr. Kelash (a spokesperson for ECMC): "this was not a hacker." In my opinion, "it was negligence, plain and simple."

Are we to assume ECMC's offices which houses safes with 600+ moveable CDs with American lives in them, stored in safes that are not bolted down?

Now comes the real issue at hand: Should millions of American's identities be vulnerable to anyone's sticky fingers? We are not just "identities" but real faces and lives behind these Social Security numbers. Americans worry about Terrorism from outside our borders, but we leave ourselves open to attack when companies are irresponsible and do not invest in security systems and protocol to ensure the safety and privacy of our most personal information.....our lives!

Perhaps ECMC's theft should give rise to awareness in America, perhaps, a new Bill be passed, making it mandatory that all companies, great or small, must safe-guard all client, customer, patient, employee, home-owner and student's personal information. OSHA and the State Board are responsible for looking into companies to ensure the health safety of Americans. Why should our financial and personal information not be equally important? Otherwise, terrorism will continue to thrive in America. Prevention was, is and always should be the best medicine.

Not all Americans can afford to pay Transunion, Equifax and Experian month -to-month for the rest of their lives nor can Americans fix their credit reports easily , always having to look over their shoulders. To live in fear caused by Identity Theft, is not freedom.

Are we to be like "Chicken Little" - cry wolf enough times when it becomes most important to protect ourselves? Is it too late! Perhaps, the students involved should consider filing a Class-Action Suit against "responsible" parties in order to change the way personal information is stored and protected.

Were you affected by the ECMC theft incident or if you would like to add a comment, then please contact us here by clicking on this link and filling out the attached form.


Bruce W. Barren
11740 W. Sunset Blvd.
Los Angeles, CA 90049
Email -

Based on what we found - Compiled with the assistance of:
Monique Frances Lis
Student & Victim