Data belonging to over 2.5 million people with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed following a breach of Nelnet Services. This represents one of several cyber-incidents occurring during the summer of 2022.
A spokesperson for OSLA has stated: “Forensics identified approximately 2.5 million borrowers with student loans serviced by Edfinancial and OSLA that were affected by this incident. Approximately 2.2 million affected borrowers are assigned to Edfinancial, while approximately 250,000 are assigned to OSLA. Of the accounts serviced by OSLA, 1,477 borrowers live in Oklahoma.”
In terms of the narrative, hackers initially gained access in June 2022 and stayed active in Nelnet’s systems until late July. According to a Nelnet investigation, people’s full names, physical addresses, email addresses, phone numbers and social security numbers have been exposed.
The investigation clarified that no financial account numbers or any form of payment information were exposed. OSLA and EdFinancial are currently in the process of notifying their customers.
The situation continues to unfold. Providing an insight for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.
Tausek provides the basis for the incident and what has taken place, noting: “Data belonging to over 2.5 million people with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial have been exposed.”
He continues, stating why the institution became a target for hackers: “The abundance of sensitive information stored in Nelnet’s systems and its popularity with loan-borrowing individuals has made it a high-profile target for cybercriminals. Once accessed, this confidential information can be used to their benefit, unfortunately victimizing college students.”
There are measures that educational bodies can take to address the risks stemming from such incidents. Tausek defines these as: “To mitigate the repercussions of these kinds of attacks and assist in preventing them entirely, organizations should adopt security automation to assist with the detection and response of these threats in real time.”
He adds: “By leveraging low-code security automation platforms, organizations can implement repeatable and reliable response processes. These endpoint security tools that integrate automation help companies achieve a cohesive protection strategy that prevents cybercriminals from stealing, extorting and exposing sensitive data.”