Major student loan provider Nelnet left over 2 million customers’ data vulnerable, as a breach this summer exposed personal information such as Social Security numbers to an unknown party for over a month.
On Aug. 26, Edfinancial Services, LLC, sent out a letter to its current and former student loan borrowers to alert them to a “vulnerability” in one of their vendors, Nelnet, LLC, which is used as a third-party student loan servicing system.
Written notices obtained from the Office of the Maine Attorney General included detailed descriptions of the ongoing investigation, as well as copies of the letters sent to affected individuals.
According to these documents, on Jul. 21, Nelnet notified Edfinancial Services that a breach of customer data occurred, including the exposure of names, addresses, email addresses, phone numbers, and Social Security numbers for over 2 million student loan borrowers.
After sounding the alarms, Nelnet launched an official investigation, which included notifying the Department of Education and other law enforcement.
According to the letter, this information became “accessible by an unknown party beginning in June 2022 and ending on July 22, 2022.”
This breach comes in the midst of President Joe Biden’s student loan forgiveness plan that is set to decrease student debt for about 32% of all student loan borrowers.
In the United States, about 48 million Americans have student loan debt. Nelnet services approximately 40% of all federal student loans.
A couple of days prior to notifying their customers that their private information may have been leaked to an unknown party, Nelnet was in the news when its website crashed immediately following Biden’s debt relief announcement.
Student loan borrowers eager to see their new balances visited Nelnet’s site so much that it went down.
Many people tweeted complaints about not being able to access the company’s website to check their accounts.
Blank screens showed that not only were people unable to access their accounts, they were unable to access the website at all.
One Twitter user even made a joke about the 15 -minute rule saying that if Nelnet’s website was down for more than 15 minutes then people were no longer obligated to pay their debt.
According to Nelnet, this data breach did impact any of its customers’ financial or payment information, such as credit card numbers or bank accounts.
Nelnet advised all of its borrowers to “remain vigilant” during the situation, prompting them to routinely monitor their accounts against identity theft and fraud over the next 24 months.
In order to mitigate any potential problems that may arise due to the breach, Nelnet is offering its customers immediate and free access to credit monitoring and theft protection through the credit reporting company Experian.
The Daily Dot has reached out to Nelnet for comment, but has not received a response.