Approximately 2,501,324 individuals were affected by network breaches by technology service provider Nelnet Servicing. Malicious attackers stole data about student loan accounts from Nelnet Servicing’s two clients, the Oklahoma Student Loan Authority (OSLA) and EdFinancial.
Oklahoma Student Loan Authority and EdFinancial have used a technology solution from Nelnet Servicing to give people online access to their student loan accounts.
The hacker compromised the system after exploiting the vulnerability sometime in June 2022, but was not identified and remained on the network until July 22.
Stolen Data
“Nelnet Servicing, a sample notification letter to affected parties sent to the main Attorney General’s office as part of the data breach disclosure process, informed OSLA and EdFinancial notifying customers.” blipping computer.
Nelnet blocked the cyberattack as quickly as possible after it was detected, but further investigation on August 17 revealed that some student loan account registration information may have been used.
Exposed data includes the customer’s full name, physical address, email address, phone number and social security number.
EdFinancial also emphasizes that not all customers are hosted on Nelnet Servicing, so not all students who take out loans will be affected by the data breach.
How victims can protect themselves
Although the letter states that the data breach did not expose information about financial account numbers or payment details, hackers could launch further attacks with the data they have.
Cybercriminals with stolen data can launch phishing attacks, social engineering, online impersonation, and a variety of fraudulent tactics.
EdFinancial and OSLA are giving affected individuals free access to 24-month identity theft protection services through Experian, instructions on how to register are enclosed in the letter.
Victims are encouraged to take immediate steps to protect themselves from fraud:
- Sign up for Experian’s IdentityWorks service
- Boundary marking for all incoming communications
- Closely monitor bank statements
- ask for a credit report
- credit freeze
Since this cybercrime was of that magnitude, legal action is considered. Presented by law firm “Markovits, Stock & DeMarco” inspection It can turn into a class action lawsuit.
Follow this article if you like it. LinkedIn, Twitter, Facebook, Youtubeand Instagram More cybersecurity news and topics.