A man uses a laptop in a cafe in downtown Hanoi. -AFP
Data belonging to more than 2.5 million people with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed following a breach of Nelnet services. This represents one of many cyber incidents occurred in the summer of 2022.
An OSLA spokesperson said“Forensics has identified approximately 2.5 million borrowers with student loans managed by Edfinancial and OSLA who were affected by this incident. Approximately 2.2 million affected borrowers are assigned to Edfinancial, while approximately 250 000 are assigned to OSLA Of the accounts managed by OSLA, 1,477 borrowers live in Oklahoma.
At the story level, hackers first gained access in June 2022 and remained active in Nelnet’s systems until the end of July. According to an investigation by Nelnet, people’s full names, physical addresses, email addresses, phone numbers and social security numbers were exposed.
The investigation clarified that no financial account numbers or any form of payment information were exposed. OSLA and EdFinancial are currently in the process of notifying their customers.
The situation continues to unfold. Provide insight for Digital diary is Nick Tausek, Principal Security Automation Architect at Corridor.
Tausek provides the basis for the incident and what happened, noting: “Data belonging to more than 2.5 million people with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial were exhibited.”
He goes on to explain why the institution has become a target for hackers: “The abundance of sensitive information stored in Nelnet’s systems and its popularity with borrowers has made it a prime target for cybercriminals. Once accessed, this confidential information can be used to their advantage, unfortunately victimizing students.
There are steps that educational organizations can take to address the risks arising from such incidents. Tausek defines them as follows: “To mitigate the impact of these types of attacks and help prevent them entirely, organizations must embrace security automation to help detect and respond to these threats in real time. “
He adds, “By leveraging low-code security automation platforms, organizations can implement repeatable and reliable response processes. These endpoint security tools that incorporate automation help organizations implement a cohesive protection strategy that prevents cybercriminals from stealing, extorting, and exposing sensitive data.