According to recent reports, hackers breached Nelnet Servicing, a technology services provider. The hackers breached the systems of Nelnet and data of more than 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed.
OSLA and EdFinancia uses technology services from Nelnet along with a web portal. Through this they provide online access to students who take out a loan access to their loan accounts.
The hackers, reportedly compromised Nelnet’s systems sometime in June. They stayed in their systems until July 22. They compromised the company’s network after exploiting a vulnerability.
This breach has affected about 2,501,324 individuals.
The authorities forwarded a sample notification letter as part of the data disclosure process, to the Office of the Maine Attorney General, which they created for impacted parties. Nelnet Servicing informed OSLA and EdFinancial about everything, who in turn has informed their customers.
According to latest reports from a subsequent investigation after Nelnet blocked the cyberattack, determined that the threat actors might have accessed student loan account registration information. The authorities completed this subsequent investigation on August 17, 2022.
According to statements, the exposed information features the full name, physical address, email address, phone number and social security number.
The notified letters clarified no financial account numbers or any information related to any form of payment was exposed.
Additionally, EdFinancial clarified that all of their customers are not hosted by Nelnet Servicing. Thus, not every student that availed a loan from EdFinancial was impacted by the data breach.
