Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing.
Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to their loan accounts.
Unidentified intruders compromised Nelnet Servicing and stayed on its systems until July 22.
A sample notification letter to impacted parties sent to the Office of the Maine Attorney General as part of the data breach disclosure process, Nelnet Servicing has informed OSLA and EdFinancial, who are notifying their customers.
Although Nelnet states it blocked the cyberattack as soon as the breach was detected, a subsequent investigation that was completed on August 17, 2022, determined that certain student loan account registration information might have been accessed.
EdFinancial also underlines that not all its clients are hosted by Nelnet Servicing, so not all students that took a loan through them are impacted by the data breach.