US student loan provider EdFinancial and the Oklahoma Student Loan Authority (OSLA) have disclosed a data breach that exposed personally identifiable information (PII) of over 2.5 million borrowers.
According to a notice to affected individuals, the incident occurred on the network of Lincoln-based web portal provider and servicer Nelnet.
“On or about July 21, 2022, Nelnet Servicing notified EdFinancial and OSLA that it had discovered a vulnerability it believed led to this incident,” the notification letter reads. “[Our] cybersecurity team took immediate action to secure the information system, block the suspicious activity, fix the issue, and launched an investigation with third-party forensic experts to determine the nature and scope of the activity.”
Nelnet has offered no additional information on the vulnerability, which allowed unauthorized individuals to access its customer database. However, the data breach disclosure letter sheds light on the type of exposed PII.
“Nelnet’s investigation determined that the impacted information included your name, address, email address, phone number, and Social Security number,” the letter explains. “The incident did not impact the security of your financial account numbers or payment information.”
Student loaners should expect social engineering attacks
With President Biden’s administration announcing a student loan relief plan that promises to cancel $10,000 of student debt for low- to middle-income borrowers, individuals should prepare for phishing campaigns exploiting the recently breached data.
Attackers could leverage the recent incident and affiliated organizations to target indebted students with deceptive correspondence including emails, text messages and even phone calls.
Impacted individuals should closely monitor their accounts and place a fraud alert or credit freeze on their financial account to ensure personal information is not used to fraudulently extend their line of credit, open new financial accounts and ruin their credit score.
How Bitdefender can help data breach victims
To spend less time monitoring, checking and setting up fraud alerts for your accounts, consider getting Bitdefender Identity Theft Protection (for US consumers only).
Our service safeguards against identity theft-related crimes you might not always recognize, and it includes a comprehensive list of features to monitor and detect suspicious activity on all of your accounts, including:
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsNovember 14, 2024
September 06, 2024