Data on more than 2,501,324 people with student loan accounts were leaked after attackers broke into the systems of technology service provider Nelnet Servicing.
Individuals with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial were affected because Nelnet Servicing provided them with the web portal that gives students who take out a loan access to their loan accounts.
The attackers gained access to Nelnet Servicing systems and stayed on until July 22. Although Nelnet claims to have blocked the cyberattack once the breach was discovered, investigations show that certain student loan account registration information may have been compromised.
Exposed information includes full name, physical address, email address, phone number and social security number.
Nelnet Servicing made it clear in the notification letter to the parties concerned that no financial account number or any form of payment information was exposed during the security incident.
EdFinancial and OSLA offer impacted individuals free access to a 24-month identity theft protection service through Experian with instructions on how to enroll attached in the letters.
The sources for this piece include an article in BleepingComputer.