More than 2.5 million people with student loan accounts with EdFinancial and the Oklahoma Student Loan Authority had their data compromised following a cyberattack
against technology services provider Nelnet Servicing, BleepingComputer
Nelnet Servicing was infiltrated by still unidentified threat actors from June to July 22 and while it noted that the attack was immediately blocked after the detection of a breach, further investigation revealed that 2,501,324 individuals' student loan account registration information were possibly accessed.
Information exposed in the breach includes individuals' full names, physical and email addresses, phone numbers, and Social Security numbers, but Nelnet emphasized that the incident did not compromise any financial account numbers and payment details.
Both EdFinancial and OSLA have already begun notifying potentially impacted customers, but EdFinancial clarified that not all of its clients are affected as Nelnet Servicing is not its sole technology provider. Individuals whose data may have been affected by the incident have been advised to avail free identity theft protection services provided by EdFinancial and OSLA.