US student loan provider EdFinancial and the Oklahoma Student Loan Authority (OSLA) have disclosed a data breach that exposed personally identifiable information (PII) of over 2.5 million borrowers.
According to a notice to affected individuals, the incident occurred on the network of Lincoln-based web portal provider and servicer Nelnet.
“On or about July 21, 2022, Nelnet Servicing notified EdFinancial and OSLA that it had discovered a vulnerability it believed led to this incident,” the notification letter reads. “[Our] cybersecurity team took immediate action to secure the information system, block the suspicious activity, fix the issue, and launched an investigation with third-party forensic experts to determine the nature and scope of the activity.”
Nelnet has offered no additional information on the vulnerability, which allowed unauthorized individuals to access its customer database. However, the data breach disclosure letter sheds light on the type of exposed PII.
“Nelnet’s investigation determined that the impacted information included your name, address, email address, phone number, and Social Security number,” the letter explains. “The incident did not impact the security of your financial account numbers or payment information.”
Student loaners should expect social engineering attacks
With President Biden’s administration announcing a student loan relief plan that promises to cancel $10,000 of student debt for low- to middle-income borrowers, individuals should prepare for phishing campaigns exploiting the recently breached data.
Attackers could leverage the recent incident and affiliated organizations to target indebted students with deceptive correspondence including emails, text messages and even phone calls.
Impacted individuals should closely monitor their accounts and place a fraud alert or credit freeze on their financial account to ensure personal information is not used to fraudulently extend their line of credit, open new financial accounts and ruin their credit score.
How Bitdefender can help data breach victims
To spend less time monitoring, checking and setting up fraud alerts for your accounts, consider getting Bitdefender Identity Theft Protection (for US consumers only).
Our service safeguards against identity theft-related crimes you might not always recognize, and it includes a comprehensive list of features to monitor and detect suspicious activity on all of your accounts, including:
- 24/7 data breach monitoring and fraud alerts
- Continuous monitoring of your identity to ensure that only you and your family use your medical benefits
- Instant alerts whenever your personal information is at risk
- Credit monitoring and lost or stolen wallet assistance
- Restoration services including expert assistance and access to your dedicated resolution specialist
- Up to $2 million in identity theft insurance to help you cover legal fees and other costs for fixing your identity