Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing.
Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to their loan accounts.
Sometime in June, unidentified intruders compromised Nelnet Servicing and stayed on its systems until July 22. The hackers compromised the company’s network likely after exploiting a vulnerability.
A sample notification letter to impacted parties sent to the Office of the Maine Attorney General as part of the data breach disclosure process, Nelnet Servicing has informed OSLA and EdFinancial, who are notifying their customers.
Although Nelnet states it blocked the cyberattack as soon as the breach was detected, a subsequent investigation that was completed on August 17, 2022, determined that certain student loan account registration information might have been accessed.
