Terri Shaw, the department's chief operating officer for federal student aid, said the people involved are holders of federal direct student loans who used the department's loan Web site — www.dlssonline.com — between Sunday and Tuesday.
It is the latest in a string of data thefts and security breaches affecting more than a half-dozen federal agencies in recent months.
Education Department officials blamed the breach on a routine software upgrade, conducted by Dallas-based contractor Affiliated Computers Services Inc., that mixed up data for different borrowers when users accessed the Web site. Since Sunday, 26 borrowers have complained.
"We're not pleased and we take this incident very seriously," Shaw said. "We've asked ACS to determine how this glitch was missed in the testing process so we can make sure we fill that gap."
She said the people affected will be contacted by the department by letter and offered free credit monitoring by ACS.
A message left with the company was not immediately returned Wednesday.
The Web site program includes names, birthdates, Social Security numbers, addresses, phone numbers and in some cases account information for holders of federal direct student loans. It does not involve those who have loans managed through private companies.
Shaw said personal data may have been inadvertently mixed up if different users logged on at roughly the same time and performed the same Web site function, such as updating a home address. The department determined that less than one-half of 1 percent of the 6.4 million total borrowers — or roughly 21,000 — had logged on to the Web site between Sunday and Tuesday.
The department has disabled the malfunctioning parts of the Web program and will not turn them back on until the problem is fixed. During that time, certain portions of the student loan Web site may not be accessed.
There have been no reports of identity theft stemming from the software glitch, Shaw said.
In recent months, at least eight other government agencies have reported data breaches. The biggest was the loss of a laptop and external drive containing information for 26.5 million veterans and active-duty troops. That equipment, lost by a Department of Veterans Affairs employee, has since been recovered.