Security News > 2022 > August > Student Loan Breach Exposes 2.5M Records

EdFinancial and the Oklahoma Student Loan Authority are notifying over 2.5 million loanees that their personal data was exposed in a data breach.

The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.

Nelnet revealed the breach to affected loan recipients on July 21, 2022 via a letter.

According to a breach disclosure filing submitted by Nelnet's general counsel, Bill Munn, to the state of Maine the breach occurred sometime between June 1, 2022 and July 22, 2022.

Although users' most sensitive financial data was protected, the personal information that was accessed in the Nelnet breach "Has potential to be leveraged in future social engineering and phishing campaigns," explained Melissa Bischoping, endpoint security research specialist at Tanium, in a statement via email.

According to the breach disclosure Nelnet Servicing informed Edfinancial and OSLA that Nelnet Servicing's cybersecurity team "Took immediate action to secure the information system, block the suspicious activity, fix the issue, and launched an investigation with third-party forensic experts to determine the nature and scope of the activity."

News URL

https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/