Cyber Incident Victim: EdFinancial
Date:
Jun 2022
Location:
United States of America
Summary
A cybersecurity breach at Nelnet Servicing compromised sensitive data from over 2.5 million student loan accounts managed for EdFinancial and another financial entity. Unauthorized actors accessed registration details including names, addresses, email and phone numbers, and Social Security Numbers, though no payment information was exposed. The intrusion occurred over approximately one month before being contained, with subsequent investigations confirming potential data exposure. Not all borrowers were affected, as only accounts hosted by Nelnet were impacted. The incident heightened risks of phishing and identity theft, prompting the offering of complimentary identity protection services to victims. A law firm initiated an investigation into potential legal action following the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2022, unauthorized actors breached the systems of Nelnet Servicing, a technology provider supporting student loan management services for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. The attackers exploited an unspecified vulnerability to gain access to Nelnet’s network, remaining undetected until July 22, 2022, when the company blocked the intrusion. A subsequent forensic investigation concluded on August 17, 2022, confirmed that the attackers potentially accessed sensitive registration data from a web portal used by OSLA and EdFinancial to provide online account access to borrowers. The breach impacted 2,501,324 individuals who had student loans administered through these organizations. Exposed information included full names, physical addresses, email addresses, phone numbers, and Social Security Numbers, but no financial account numbers or payment details were compromised. EdFinancial clarified that only borrowers whose accounts were hosted by Nelnet Servicing were affected, excluding a portion of its client base from the incident.
Nelnet Servicing notified OSLA and EdFinancial of the breach, prompting both organizations to issue individual notifications to impacted borrowers starting in late August 2022. These notifications included instructions for enrolling in a complimentary 24-month identity theft protection service provided by Experian. The breach’s scope raised concerns about heightened risks of phishing, social engineering, and impersonation attacks due to the sensitivity of loan-related personal data. In response to the incident, the law firm Markovits, Stock & DeMarco initiated an investigation into potential class action litigation against Nelnet Servicing, citing the severity of the data exposure. Neither Nelnet nor the loan servicers disclosed technical specifics about the vulnerability exploited, the duration of initial access prior to detection, or whether additional security measures were implemented post-incident beyond terminating the unauthorized access.