Breach at Nelnet Exposes Millions of Borrowers
Over 2.5 million student loan recipients from EdFinancial and the Oklahoma Student Loan Authority (OSLA) have had their personal data compromised. The breach targeted Nelnet Servicing, a third-party provider that manages loan servicing portals. According to a disclosure, hackers gained unauthorized access to sensitive user information sometime between June 1 and July 22, 2022, with the breach discovered only on August 17.
The compromised data includes names, addresses, email addresses, phone numbers, and Social Security numbers. Fortunately, financial information like bank details was not affected. Nelnet responded by securing systems, blocking suspicious activity, and bringing in third-party forensic experts.
Security Risks and Response
Cybersecurity specialists warn the leaked data could be used in phishing and social engineering attacks, particularly amid rising awareness of student loan forgiveness programs. Melissa Bischoping from Tanium noted that scammers may now exploit the trust borrowers place in familiar brands to launch targeted attacks.
To mitigate risks, Nelnet is offering affected users:
Two years of free credit monitoring
Regular credit reports
Up to $1 million in identity theft insurance
This incident highlights the pressing need for stronger cybersecurity protocols in third-party platforms handling sensitive financial and identity data. As digital servicing becomes the norm, robust oversight is more critical than ever.