Cyber Incident Victim: Nelnet Servicing
Date: Jun 2022
Location: United States of America
Summary
A cybersecurity breach at Nelnet Servicing exposed sensitive personal data of approximately 2.5 million student loan borrowers through compromised systems used by loan servicers OSLA and EdFinancial. Unauthorized actors exploited a vulnerability to access registration information—including names, addresses, email addresses, phone numbers, and Social Security Numbers—over an extended period before detection, though no financial account details were compromised. The incident heightened risks of identity theft and phishing targeting affected individuals, prompting investigations into potential legal action and the provision of complimentary identity protection services for impacted borrowers.
Description
The Nelnet Servicing breach occurred between June 2022 and July 22, 2022, when unauthorized actors infiltrated the systems of the technology services provider supporting student loan management for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. Attackers exploited an unspecified vulnerability to compromise Nelnet's network, maintaining access for approximately six weeks before being detected and blocked by the company. On August 17, 2022, an investigation confirmed that sensitive registration data from student loan accounts had potentially been accessed during the intrusion. The breach impacted 2,501,324 individuals whose loan servicing was managed through Nelnet's web portal platform. Exposed information included full names, physical addresses, email addresses, phone numbers, and Social Security Numbers, though Nelnet confirmed no financial account numbers or payment details were accessed.

OSLA and EdFinancial initiated notifications to affected customers following the completion of the investigation, coordinating with state authorities including the Maine Attorney General's office. Both organizations clarified that only borrowers whose accounts were hosted by Nelnet Servicing were affected, with EdFinancial noting a subset of its client base relied on alternative infrastructure. Impacted individuals received guidance on enrolling in 24 months of complimentary identity theft protection services provided through Experian. The exposure of highly sensitive identifiers prompted concerns over heightened risks of phishing campaigns, social engineering attempts, and impersonation scams targeting student loan borrowers. The law firm Markovits, Stock & DeMarco announced an investigation into potential class action litigation in response to the incident, citing the severity of the exposed personal data. Nelnet did not publicly disclose technical details regarding the initial attack vector or specific containment measures beyond confirming the breach termination date.
