Third-party Services Breached for 2.5 million Loan Application Records!

Both EdFinancial and the Oklahoma Student Loan Authority (OSLA) use technology services from Nelnet Servicing, including giving students access to loan applications and information via their web portals. 

From June until the 22nd of July of this year, hackers infiltrated the NelNet systems, accessing over 2.5 million individual records of student loan account registration information, including personally identifiable information (PII), contact information and social security numbers. It is believed they gained access through an unpatched vulnerability. (What a surprise.)

When notifying the affected individuals, the OSLA and EdFinancial stated that fortunately, no account numbers or payment information was leaked. Unfortunately, the risk of these individuals being targeted for scams, phishing attacks and identity fraud has increased exponentially. An investigation was launched by a law firm with potential for a class action lawsuit.

Vigilance is not enough. The gravity and regularity of situations like these only further highlights the necessity to strengthen information security and its protective controls. 

  1. Your organization should undergo a thorough risk assessment to identify vulnerabilities, weak spots or areas that can use improvement. 
  2. The most efficient way to remediate risks is by working with an official information security framework that is tailor-made for your industry. 
  3. Deploy a risk management tool that will assist you to improve your security posture on a continuous basis through monitoring, remediation tracking, regular scanning and official security frameworks.
  4. Use an automated tool to save hundreds of hours onboarding, assessing the third parties you do business with, tracking progress and generating reports so you can see exactly what is going on. 

Don’t wait until you are breached. You can take action today and preempt the threat actors for a safer future!

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days

Start automating your risk management
Skip to content