Nelnet loan service data breach: What you should know

A student loan servicing technology, Nelnet Servicing, reported a data breach exposing personal information of students with loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial. While this breach is not involved with any University of Kentucky systems, UK Information Technology Services (UK ITS) would like to make students aware of the potential implications of this breach. 

What happened? 

Further investigation of the Nelnet Services breach indicates that student loan information of over 2.5 million individuals was exposed. This information includes full name, physical address, email address, phone number and Social Security number. It did not include financial information. 

What does this mean for me? 

If you were impacted by this breach, it means that bad actors could use your information for subsequent attacks like phishing, social engineering, impersonation and various scamming schemes. If your information was exposed by this breach, you should have received a notification from OSLA or EdFinancial. 

What should I do? 

UK ITS recommends remaining diligent in protecting yourself from identity fraud and to be closely monitoring bank accounts and financial statements. Enabling two-factor authentication for any accounts that offer it is strongly encouraged. Regularly checking credit reports is also advised. 

For more information about this breach see the Maine Attorney General’s filing of the Data Breach Notification. UK ITS has cybersecurity education resources available at http://its.uky.edu/cybersafe. Those interested in learning more about different types of cybersecurity attacks can visit www.fbi.gov/investigate/cyber.