A breach affecting 2.5 million persons might cause future problems.
EdFinancial and OSLA are alerting over 2.5 million loanees of a data breach.
Nelnet Servicing, situated in Lincoln, Neb., was the target, according to a breach disclosure letter.
Nelnet notified concerned loan borrowers on July 21, 2022.
“[Our] cybersecurity team took rapid measures to safeguard the information system, prohibit suspicious activities, and remedy the issue,” according to the letter.
An unauthorized party obtained user information by August 17. Names, addresses, email addresses, phone numbers, and SSNs for 2,501,324 student loan account holders were revealed. Financial data was safe.
Nelnet's chief counsel, Bill Munn, disclosed the breach to Maine between June 1 and July 22, 2022. A message to consumers dates the incident to July 21. 17 August 2022: Breach detected.
Nelnet Servicing, LLC (Nelnet) will close on July 21, 2022.
Nelnet said a portal provider uncovered a vulnerability that led to the incident.
Unknown vulnerability.
According to the letter, an examination found that some student loan account registration information was accessible from June to July 2022.
Loan-recipient goals
Personal information collected in the Nelnet hack "may be used in future social engineering and phishing attacks," said Tanium's Melissa Bischoping.
"With news of student debt relief, anticipate fraudsters to take advantage," Bischoping added.
The Biden administration would forgive $10,000 in student loan debt for low- and middle-income borrowers. She claimed phishing emails would utilize debt forgiveness to attract victims.
She cautions that freshly stolen data would be utilized in phishing attacks targeting students and recent grads.
"They may be deceiving because they can exploit existing business ties," she wrote.
Nelnet Servicing's cybersecurity team "took immediate measures to safeguard the information system, prevent suspicious activity, rectify the vulnerability, and initiate an investigation with third-party forensic specialists to ascertain the nature and breadth of the activity," according to the breach notice.
Remediation includes free credit monitoring, credit reports, and $1 million in identity theft insurance.