What to do if your personal data was compromised in the massive student loan breach of 2022
Your personal information may have recently been exposed in the massive cyberattack at the student loan tech services firm, Nelnet. If you’ve received a letter from your student loan provider in the past few weeks, you might be familiar with the case.
The data leaked includes all the key ingredients for phishing, scams and fraud — names, social security numbers, phone numbers, addresses and email addresses.
If you’re one of the nearly 2.5 million affected borrowers, here’s what you need to know, and what you can do to protect yourself.
Who was affected
The Lincoln, Neb.-based Nelnet is the largest third-party loan tech provider, servicing around 40% of all federal loans. However, just two of Nelnet’s clients — Oklahoma Student Loan Authority (OSLA) and EdFinancial Services LLC — were victims of the breach. Not all of the companies’ customers had their data exposed, so even if you hold loans with these companies, it’s possible your info is still protected.
What happened
The leak occurred in June and July but wasn’t discovered and shut down until August, when Nelnet alerted OSLA and EdFinancial. At that point, the two companies started sending out letters notifying borrowers. Some have suggested (or at least joked) the breach was related to Nelnet’s website crashing after Biden announced his $10,000 in student loan forgiveness, as students flocked to the site to check their balance.
What information was stolen
Full names, email addresses, personal addresses, phone numbers and SSNs were all accessed in the breach. Nelnet says no financial or payment information, like bank accounts and credit card numbers, were stolen.
What you can do to stay safe
If you received a letter from your loan providers, you should closely monitor your bank accounts and credit score for suspicious activity or errors, according to both EdFinanical and OSLA
Nelnet is also offering affected customers two years of free credit card monitoring and theft protection via Experian (we strongly suggest taking advantage of this — in addition to helping you monitor your accounts, Experian can help investigate and repair any identity theft, including contacting credit agencies and the government). Instructions for how to enroll will be enclosed in the letter. If you have questions, you can call Experian’s dedicated helpline for this issue at (833) 559-0223.
After any kind of data breach or leak, experts also suggest:
Being extra vigilant about phishing emails and “smishing” scam texts
Placing a freeze on your credit score
Changing important passwords (to help up your password game, you can use apps like Dashlane, LastPass or Keeper) or setting up two-factor authentication
Deleting old accounts on sites like eBay and PayPal
Notifying your bank or credit card issuer so that they can help monitor your accounts as well.
The firms may still be notifying affected customers so keep an eye out for a letter if you use either OSLA or EdFinanical.
Markovits, Stock & DeMarco, a Cincinnati-based class-action law firm that specializes in data breach cases, is also reportedly investigating claims on behalf of the victims. So keep an eye out for information about potential legal action, as well as suspicious emails or credit score fluctuations.
View the original article at Chegg Life and signup for the Chegg Life Newsletter
Related...
