A staggering 2.5 million individuals were impacted in a security breach that could potentially lead to further complications in the future.
EdFinancial along with the Oklahoma Student Loan Authority (OSLA) are alerting more than 2.5 million borrowers about a data breach that resulted in the exposure of their personal information.
The entity compromised in the security violation was Nelnet Servicing, a system and web portal service provider based in Lincoln, Nebraska, serving OSLA and EdFinancial, as revealed in a disclosure letter regarding the breach.
On July 21, 2022, Nelnet disclosed the security breach to the impacted loan borrowers through written correspondence.
“The cybersecurity squad swiftly jumped into action to safeguard our information network. They promptly halted the dubious activities, rectified the problem, and initiated a rigorous probe involving independent forensic specialists to comprehend the extent and character of these activities,” as mentioned in the correspondence.
On the 17th of August 2023, the probe concluded that an unauthorized entity had gained access to personal data of users. The compromised data comprised individuals’ names, residential addresses, email IDs, contact numbers, and social security numbers, affecting a whopping 2,501,324 student loan accounts in total. Thankfully, the users’ financial details remained unaffected.
In a report of the security breach lodged by Nelnet’s chief legal officer, Bill Munn, with the state of Maine, it was revealed that the breach took place sometime between June 1, 2022, and July 22, 2022. However, a communication sent to the impacted customers specifically indicates July 21 as the day of the breach. The discovery of the breach was made on August 17, 2022.
“On the date of July 21, 2022, our client management system and user-oriented website, operated by Nelnet Servicing, LLC (Nelnet), the gateway service informed us about a security loophole they had uncovered, which we suspect resulted in this incident,” as stated by Nelnet.
The details regarding the security flaw remain ambiguous.
“An investigation concluded on August 17, 2022, that from June 2022 to July 22, 2022, there was an unidentified entity with access to specific student loan account registration details,” as stated in the letter.
Targets of Loan Beneficiaries
Despite the fact that the most crucial financial details of users were safeguarded, the personal information that was compromised during the Nelnet incident could potentially be exploited in upcoming social engineering and phishing efforts, as clarified by Melissa Bischoping, an expert in endpoint security research at Tanium, through an email statement.
Bischoping mentioned that the latest updates about student loan forgiveness could potentially provide an opportunity for fraudsters to engage in illicit actions.
Just a week ago, the Biden administration declared a scheme to write off $10,000 of student loan debt for those in the low- to middle-income bracket. It was mentioned that the debt forgiveness initiative could potentially be exploited to entice individuals into clicking on phishing emails.
She warns that the recently compromised data will be exploited to mimic the impacted brands in numerous phishing attempts aimed at students and recent college graduates.
She mentioned that they have the ability to manipulate trust from established business connections, which can make them especially misleading.
In response to the security infringement notification, Nelnet Servicing advised Edfinancial and OSLA that their cybersecurity division promptly moved to safeguard the data system. They blocked the dubious activity, rectified the problem, and initiated an inquiry with external forensic specialists to comprehend the extent and character of the activity.
The resolution also encompassed two years of complimentary credit surveillance, credit assessments, and as much as $1 million in insurance against identity theft.