A data breach of student loan servicer Nelnet Servicing (Nelnet) has affected over 2.5 million student loan borrowers throughout the United States. The breach affected individuals whose students loans are serviced by the Oklahoma Student Loan Authority (OSLA) and Edfinancial Services (Edfinancial) and compromised the names, addresses, email addresses, phone numbers and Social Security numbers of borrowers.
In July 2022, Nelnet reported to OSLA and Edfinancial that they had discovered a vulnerability believed to be the source of the breach, according to a breach notification report filed by Nelnet to the Office of the Maine Attorney General. The student loan servicer then initiated an investigation led by third-party cyber forensics professionals into the vulnerability. The investigation discovered that personal identifiable information (PII) of 2.5 million student loan borrowers was accessible by an unknown actor who gained access to the network. According to a notification letter sent to affected Edfinancial borrowers on August 26, 2022, the PII was accessible to the unknown actor between June 2022 and July 22, 2022.