More than 2.5 million student loan borrowers were affected by a data breach that Nelnet revealed on July 21. Although the company took immediate action, the stolen data was irretrievably shared with unauthorized parties.
Nelnet Servicing, a company based in Lincoln, Nebraska, is responsible for maintaining the websites of two large student loan servicers: EdFinancial and Oklahoma Student Loan Authority (OSLA). According to the letter sent by the company, it was breached and became aware of it on July 21.
An investigation launched by Nelnet found that the breach occurred sometime between the beginning of June and July 22. The data accessed by unauthorized parties included borrowers’ personal information, such as:
Fortunately, not all EdFinancial and OSLA’s clients were influenced, as Nelnet is not their only service provider. Nevertheless, more than 2.5 million student loan recipients lost their data.
Affected institutions informed their clients of the breach, advising them to remain vigilant against possible incidents of identity theft. They have also been offered free access to credit monitoring and identity theft protection for 24 months via Experian, Equifax, and TransUnion.
According to Nelnet, the most sensitive financial data has not been breached. However, the personal data of victims can be used for identity theft and phishing campaigns.
As mentioned above, hackers could use the data stolen from EdFinancial and OSLA clients in various social engineering or data theft attempts. Phishing campaigns could likely take advantage of the current political climate in the US.
President Biden recently announced a student loan relief program, promising to cancel up to $20,000 of student debt for qualifying borrowers. It means that those affected by the data breach could encounter numerous phishing scams claiming to be related to loan forgiveness. Their personal information would make the messages believable, which is why this scenario could be effective for criminals.
Nelnet, which provided its customers with information about credit monitoring and identity protection in a letter, also offers safety tips on its website. The page includes authorities to notify in case of a scamming incident.
Since many people have lost their data to hackers, it is helpful to know how to spot a scam attempt to avoid it. Phishing emails, phone calls, and text messages often share the same characteristics:
The Nelnet data breach is neither the first nor the last. Cybercrime is on the rise – the last few years have been particularly fruitful for hackers and scammers.
Individuals and companies alike have been forced to go online due to the coronavirus pandemic and lockdowns – and not everyone was prepared for it. It created great opportunities for hackers to discover new vulnerabilities.
Today, companies are more aware of the threats, but does it mean you are safe?
The Nelnet situation proves that your online security is sometimes not entirely up to you. If a large service provider is breached, its customers are harmed, and there is nothing they can do. However, such scenarios are quite rare. Many security incidents occur because individual Internet users fail to take precautions.
So, what can you do to improve your online security?