December 7, 2022 By Jonathan Reed 2 min read

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial.

An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan account holders. According to Nelnet, the breach did not expose users’ financial information. At this time, it’s unclear exactly how the breach occurred or who was behind the attack.

News of the breach states that the OSLA security team blocked suspicious activity and launched an investigation with forensic experts. The lender has also notified law enforcement agencies. Some are concerned about the future implications of this incident for student loanees.

Potential future threat to student loan holders

In August 2022, President Biden announced a massive student loan relief plan. This plan impacts millions of borrowers. While the program itself remains stalled in appeals court, the information stolen in the OSLA / Nelnet breach could still take advantage of the loan forgiveness plan. For example, actors could use the stolen emails to contact unsuspecting loan holders. Through social engineering or phishing scams, borrowers could be duped by nefarious actors. The schemes could also be used to access bank accounts or other sensitive data.

Was it a credential hack?

While the exact details of the OSLA breach are still unclear, the breach did involve the Nelnet web portal. This suggests that stolen credentials may have provided access. This continues to be one of the most common ways intruders breach systems. Given that so much work occurs remotely and in the cloud, securing networks is more challenging than ever.

The reality is that these types of attacks are all too common. According to one report, 83% of surveyed organizations have had more than one data breach. Also, 45% of the incidents studied were cloud-based. Meanwhile, the average total cost of a data breach has reached $4.35 million.

Security against data breaches

Today’s realities, such as cloud and remote work, have driven the development of new access security solutions. One example is single sign-on which provides centralized access control, strong authentication and user self-service. Additional security layers, such as multifactor authentication or passwordless access, can also be applied to data and applications.

Another powerful security tool is adaptive access, which continuously evaluates user risk for higher accuracy. This method uses machine learning and AI to analyze key parameters, such as user, device, activity, environment and behavior. This is how adaptive access leverages context to determine holistic risk scores. The analysis drives more accurate, contextual authentication decisions to strengthen security.

The OSLA / Nelnet breach was not an isolated event. These incidents are all too common. Organizations should take measures to provide themselves and their customers with adequate protection.

More from Data Protection

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Cost of data breaches: The business case for security AI and automation

3 min read - As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that's because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of technologies that can help safeguard data, such as artificial intelligence and automation.IBM’s 2024 Cost of a Data Breach (CODB) Report studied 604 organizations across 17…

Cost of a data breach: The industrial sector

2 min read - Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today