Dark Web Markets Sold 2.5 Million Students’ Info
After hackers broke into the servers of technology services provider, “Nelnet Servicing”, the personal data of over 2.5 million people with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was made public.
Previously, students who took out loans were able to access their loan accounts online, thanks to technology provided by Nelnet Servicing, including a web interface used by OSLA and EdFinancial. However, unknown hackers took advantage of this feature – breaking into Nelnet at a yet-to-be-identified time in June, and remaining in their software until July 22nd, 2022 as they wrought havoc on millions of lives, leaking their information in a massive data breach. As of now, there have been about 2,501,324 people affected by the breach and counting.
According to the official statement released by Nelnet, the entity claims it stopped the breach as soon as the compromise was discovered. However, a subsequent investigation revealed on August 17th, 2022, found that student loan registration data was most like still accessed. Among the revealed data, the entire names of customers were released, alongside their physical addresses, emails, and phone numbers. Their social security numbers were also exposed.
Strangely enough, the statements provided makes it clear that the incident didn’t expose financial information of any kind.
EdFinancial further emphasizes that not all of its clients are hosted by Nelnet Servicing, which means that not all students who obtained a loan through their portals were affected by the data leak. Despite this, the law firm “Markovits, Stock & DeMarco” already began an inquiry into the possibility of a class action lawsuit, due to the magnitude of this breach. Not only will hackers use the stolen info in social engineering, impersonation, and other scams, but the danger of exposure has also increased tenfold, due to loans being such a delicate subject.
As of now, both EdFinancial and OSLA provide affected individuals with free 24-month Experian identity theft protection service access, along with information on how to sign up, in recently issued letters. According to the statement sent to impacted borrowers, EdFinancial advises the victims to be alert of fraud over the next 24 months.
All compromised customers are to remain vigilant of their account statements and keep an eye on free credit reports, suspicious activity, and other inaccuracies. It is also a good idea to review bank account statements, as well as request a credit report. In high-risk situations, freezing one’s credit is a valid option, until further notice.