2.5 Million Student Loan Accounts' Data Exposed Due to Nelnet Servicing Breach 

2.5 Million Student Loan Accounts’ Data Exposed Due to Nelnet Servicing Breach 

After hackers broke into the servers of technology services provider Nelnet Servicing, information for over 2.5 million individuals having student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was made public. In order to provide online access to students taking out loans, OSLA and EdFinancial leverage technology services from Nelnet Servicing, including a web portal. 

Unknown attackers broke into Nelnet Servicing sometime in June and remained on company systems until July 22. The hackers probably used weakness to breach the company’s network. There have been about 2,501,324 people affected by the incident. A sample notification letter to affected parties was delivered to the Office of the Maine Attorney General as part of the data breach discovery procedure. Nelnet Servicing has notified OSLA and EdFinancial, who are informing their customers. 

Nelnet claims to have stopped the hack as soon as the security vulnerability was discovered. But, a later review, which was finished on August 17, 2022, found that some student loan account registration data may have been obtained. The following is among the revealed data: 

  • Full name 
  • Phone number 
  • Email address 
  • Social Security Number 
  • Physical address 

The letters make it clear that the security issue did not reveal any financial account numbers or other types of payment information. Additionally, EdFinancial emphasizes that not all of its clients are hosted by Nelnet Servicing, which means that not all students who obtained a loan via them are affected by the data leak. 

Threat actors may use phishing, social engineering, impersonation, and other scams if they have access to the abovementioned data. The danger of exposure is increased since loans are such a delicate subject. The law firm “Markovits, Stock & DeMarco” yesterday began an inquiry into the possibility of a class action lawsuit due to the magnitude of this data breach occurrence. With instructions on how to sign up included in the letters, EdFinancial and OSLA provide impacted people with free access to a 24-month identity theft protection program by Experian. 

“We encourage you to remain vigilant against incidents of identity theft and fraud over the next 24 months, by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors,” stated the notice sent to impacted borrowers. 

It is advised that anyone who gets the letters sign up for Experian’s IdentityWorks service right once to shield themselves from fraud. They should also keep an eye out for any other incoming correspondence. Reviewing bank account statements and ordering a credit report is also a good idea. Finally, in high-risk situations, freezing your credit should be an option. The notices that have been provided offer instructions on how to do that. 

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.