Technology services provider Nelnet Servicing suffered a cyber-attack impacting data of 2.5 million student loan accounts. According to reports, personal details including names, addresses, email addresses, phone numbers, and social security numbers of over 2,501,324 individuals were exposed.
Nelnet Servicing offers technology services to Edfinancial and Oklahoma Student Loan Authority (OSLA) and a website portal for loan takers to access their accounts.
Student loan data breach
The data breach occurred earlier this June and continued till July after hackers gained access through a vulnerability in the system. Edfinancial Services was notified about the data breach on July 21. Nelnet’s cybersecurity team confirmed the cyber-attack on August 17, 2022. The team then secured the system, blocked suspicious activities and fixed the issue. Third-party forensic experts are also working to find the nature and scope of the student loan data breach.
The data breach impacted Maine residents associated with organizations. According to reports, 13,709 residents were linked with Edfinancial and over 1,600 with OSLA, respectively.
After confirming the breach, Nelnet Servicing informed the US. Department of Education, which further notified law enforcement. As a part of the data breach disclosure process, the organization sent a sample letter to the Office of the Maine Attorney General and sent written notes to notify the impacted customers.
Nelnet Servicing offers help
In the sample notification letter, Nelnet Servicing offered free credit monitoring services to help the individuals impacted by the student loan data breach. It also stated to continue the service for two years through Experian IdentityWorks, which offers credit monitoring services, including credit reports and scores.
Moreover, the company is providing guidance on preventing identity theft, fraud and placing fraud alerts. They have also offered assistance to place a security freeze on the credit file and protection against tax fraud.
Additionally, Nelnet is assisting victims with special programs that include topics such as national consumer reporting agencies, monitoring free credit reports, reviewing account statements and contacting the Federal Trade Commission, state Attorney General and law enforcement to educate them about the same.