Skip to content

2.5 million student records, SSN, exposed in Nelnet breach

  • by
  • 2 min read

Nelnet Servicing, a US-based technology services provider, was breached. The attackers gained access to student loan records of 2,501,324 students from the Oklahoma Student Load Authority (OSLA) and EdFinancial. OLSA and EdFinancial use Nelnet’s services and web portals to give students access to their loan accounts. 

The breach occurred back in June when unknown attackers gained access to Nelnet’s systems and stayed inside until July 22. Nelnet was able to stop the attack as soon as a breach was detected. However, a subsequent investigation that concluded on August 17 concluded that the following information was accessed:

  • Full name
  • Living address
  • Email address
  • Phone number
  • Social Security Number

Nelnet has disclosed the breach to the two loan authorities, who notifying their customers. The disclosure letters claim that no financial account numbers or any payment information whatsoever were exposed. EdFinancial also noted that since not all of its clients are hosted on Nelnet’s services, the company’s entire customer base wasn’t impacted. 

The letters also detail how impacted customers can enroll in Experian’s identity theft protection services, provided for 24 months for free by both EdFinancial and OSLA. There are other precautions and safety measures detailed in the notices as well. 

That said, considering the risk the exposed data poses and the nature of the breach, law firm Markovits, Stock & DeMarco is launching an investigation into the incident to form a basis for a class action lawsuit. 

Under debt, individuals are often a target for scammers who might attempt to impersonate the loaning authority to get the victim to pay up in what can be quite elaborate social engineering scams, phishing attacks and various other scamming schemes. This increases the risk of exposure to information that might otherwise not be considered as severe. 

In the News: Snapchat launches dual-camera support for iOS, Android rollout to follow soon

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: