Bad actors may have gained access to millions of users’ information between June and July
A data breach on student loan servicer Nelnet Servicing has caused the confidential information of over 2.5 million users to be leaked. Nelnet Servicing provides technology services including a website portal to two student loan companies, Edfinancial and OSLA services.
On 21 July 2022, Nelnet contacted the two student loan servicing companies it provides technology services to about a cybersecurity vulnerability, which was discovered due to some “suspicious activity”. Once the vulnerability was discovered, Nelnet worked to secure its information system and launch an investigation into the incident.
It was concluded by the investigation on 17 August that, due to the vulnerability, student loan account registration information including name, address, email address, phone number and social security number, was accessible to an unknown third party staring in June and ending on 22 July 2022. Following this discovery, Nelnet Servicing notified the US Department of Education and law enforcement.
In a notice of the data breach provided to the Office of the Maine Attorney General, Nelnet said it is “providing impacted individuals with guidance on how to better protect against identity theft and fraud”.
The company is also providing individuals affected by the breach with access to credit monitoring services for 24 months, as well as providing notice of the incident to all relevant state and federal regulators and the credit reporting agencies TransUnion, Equifax and Experian.