Student Loan Authority Hacked

Nelnet Servicing, LLC notified Edfinancial and OSLA (Oklahoma Student Loan Authority) “that it had discovered a vulnerability it believed led to” the data breach. Reports say over 2.5 million individuals with student loans from OSLA and EdFinancial were exposed after hackers breached the systems of technology services provider Nelnet Servicing.

Nelnet works with the Department of Education (Department) to help to achieve your educational goals. Also, they provide customer service on federal student loans. Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out loan access to their loan accounts.

Based on Nelnet Servicing, LLC’s investigation, “Certain student loan account registration information was accessible by an unknown party beginning in June 2022 and ending on July 22, 2022.”

Exposed Information in the Data Breach

  • Name
  • Address
  • Email address
  • Phone number, and
  • Social Security number.

About 2,501,324 people were impacted by Nelnet Servicing, LLC’s data breach. There are no account numbers or any form of payment information was exposed due to the security incident.

According to the reports, a notification letter to impacted parties was sent to the Maine Attorney General as part of the data breach disclosure process, Nelnet Servicing has informed OSLA and EdFinancial, who are notifying their customers.

EdFinancial states that all its clients are hosted by Nelnet Servicing and not all students who took a loan through them are impacted by the data breach.

Markovits, Stock & DeMarco, the law firm initiated an investigation on the potential of a class action lawsuit. In this case, attackers may involve in phishing attacks, social engineering, impersonation, and various scamming schemes.

“We encourage you to remain vigilant against incidents of identity theft and fraud over the next 24 months, by reviewing your account statements and monitoring your free credit reports for suspicious activity and detect errors,” according to a notice sent to affected borrowers.

Therefore, it is advisable that those individuals who received the notice must take immediate action in response to safeguarding themselves by enrolling in Experian’s IdentityWorks service and being cautious against all incoming communication. It is also essential to check the bank statements and requesting a credit report is also advisable, in addition, a credit freeze can be applied for risky cases.

Also, Download Your Copy of OWASP Top 10 2022 Playbook

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.