Massive Data Breach Exposes Personal Information of 2.5 Million Student Loan Borrowers

 

Around 2.5 million individuals have been impacted by a data breach that could have severe consequences in the future.

EdFinancial and the Oklahoma Student Loan Authority (OSLA) have commenced the process of notifying over 2.5 million loan recipients about a data breach that exposed their personal information.

The breach primarily targeted Nelnet Servicing, a servicing system and web portal provider based in Lincoln, Nebraska, that serves OSLA and EdFinancial. Affected borrowers were informed of the breach details in a letter sent on July 21, 2022.

According to the letter, Nelnet's cybersecurity team took immediate action to secure its information systems, block any suspicious activities, address the issue, and launch an investigation with the assistance of third-party forensic experts to determine the nature and extent of the breach.

By August 17th, the investigation confirmed that unauthorized individuals had gained access to personal user data. The compromised information included the names, residential addresses, email addresses, phone numbers, and Social Security numbers of a total of 2,501,324 individuals who held student loan accounts. Fortunately, no financial data was exposed.

A breach disclosure filing submitted by Bill Munn, Nelnet's general counsel, to the state of Maine revealed that the breach occurred between June 1, 2022, and July 22, 2022. However, the letter sent to affected customers specified the breach date as July 21, 2022. The breach was subsequently discovered on August 17, 2022.

Nelnet, in its statement, mentioned that the vulnerability leading to the incident was discovered in their servicing system and customer website portal provider, Nelnet Servicing, LLC (Nelnet). However, the exact nature of the vulnerability remains undisclosed.

Although the breach did not compromise sensitive financial information, Melissa Bischoping, an endpoint security research specialist at Tanium, warns that the exposed personal data could be exploited in future social engineering and phishing campaigns. Bischoping explains that scammers might take advantage of the recent news regarding student loan forgiveness to lure victims into opening phishing emails.

Recently breached data is expected to be used in waves of phishing campaigns targeting students and recent graduates, as attackers can exploit the trust established through existing business relationships, making their tactics more deceptive.

According to the breach disclosure, Nelnet Servicing responded promptly to the breach by securing its information systems, mitigating the suspicious activity, resolving the issue, and initiating an investigation with the assistance of third-party forensic experts to determine the full extent of the breach.

Additionally, remedial measures include providing two years of free credit monitoring, credit reports, and identity theft insurance coverage of up to $1 million.
