HomeWinBuzzer NewsOSLA/Edfinancial Breach: Student Loan Data Breach Left Personal Details of over 2...

OSLA/Edfinancial Breach: Student Loan Data Breach Left Personal Details of over 2 Million People Exposed

A student loan data breach on NelNet Servicing exposed the personal information of over 2 million loanees with EdFinancial and the OSLA.


Over 2.5 million people who have student loans with EdFinancial and the Oklahoma Student Loan Authority (OSLA) have been put at risk from a data breach. Both financial lenders are notifying loanees about the potential theft of their personal data following a successful hack. This student loan data breach went nearly two months undetected.

However, it is not the lenders themselves who were targeted. Instead, threat actors successfully breached Nelnet Servicing. Based in Lincoln, Nebraska, this is the servicing system and web portal provider for both EdFinancial and OSLA.

NelNet Servicing sent a breach disclosure letter to loan customers who were affected by the breach. This letter was sent July 21, 2022 and highlighted how an investigation was underway:

“[Our] team took immediate action to secure the information system, block the suspicious activity, fix the issue, and launched[sic] an investigation with third-party forensic experts to determine the nature and scope of the activity,” the letter reads.

On August 17, the company's investigation found user information from loanees was indeed accessed by bad actors. Unauthorized parties were able to see and take information such as home addresses, phone numbers, names, social security numbers, and email addresses.


NelNet has filed a breach disclosure with the state of Maine. The company's general counsel, Bill Munn, points out the attack happened between June 1 and July 2022 of this year. However, the breach was not found until August 17.

“On July 21, 2022, Nelnet Servicing, LLC (Nelnet), our servicing system and customer website portal provider, notified us that they had discovered a vulnerability that we believe led to this incident,” according to the Nelnet.

“On August 17, 2022, this investigation determined that certain student loan account registration information was accessible by an unknown party beginning in June 2022 and ending on July 22, 2022,” the letter adds.

While personal information was accessed, it seems financial information was not attainable for the attackers. Even so, this is a large attack with 2,501,324 student loanees affected by the breach.

Tip of the day: Whether it's for a presentation, song, or YouTube video, at some point in your life you'll need to record audio from your computer. has multiple options to record sound due to its litany of apps. In our tutorial, we show you how to record audio using the built-in Windows 10 Voice Recorder and the freeware audio editor Audacity.


Last Updated on September 6, 2022 3:18 pm CEST

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News