Nelnet Announces New Data Breach that Affects Millions

September 01, 2022 | 4 minutes read
Nelnet Announces New Data Breach that Affects Millions

While the news of Joe Biden canceling tens of thousands of dollars in student loan debt for American citizens dominated the nation’s multitude of media channels earlier this week, some college graduates around the country were faced with a less promising development. More specifically, it was reported on August 26, 2022, that Nelnet, a financial services company that handles both the administration and repayment of student loans, as well as other related educational financial services, sustained a data breach that impacted as many as 2.5 million student accounts. The vast majority of these accounts belonged to the Oklahoma Student Loan Authority (OSLA) and EdFinancial Services LLC respectively, as a trove of personal information was disclosed to the general public.

As stated in an article written by online technology publication Techradar, “a letter sent by Nelnet Servicing to the affected providers said that the breach did not involve the leakage of any financial data, but that the exposed information did include full names, physical addresses, email addresses, phone numbers, and social security numbers.” However, despite the fact that the breach in question did not involve the dissemination of financial information, EdFinancial Services, and OSLA have still offered their millions of customers “free 24-month access to Experian’s identity protection and credit reporting service IdentityWorksSM, which includes benefits like a free credit check.”

Higher education and cybercrime

While many people may not associate cybercrime with institutions of higher education, the reality is that these organizations are prime targets for cybercriminals that are looking to make off with the personal information of unsuspecting victims. This is due in large part to the inherent level of personal data that a private college or public university will have access to, as the tens of thousands of students that attend a particular institution of higher education will have various data elements on file concerning their personal lives at any given time. What’s more, the exorbitant costs that are associated with successfully running a college or university also mean that certain resources will have to be cut, and cybersecurity measures can often bear the brunt of this fact.

To illustrate this point further, Lincoln College, a private liberal arts university based in Illinois, was forced to shut down permanently earlier this year after it was revealed that the institution experienced a ransomware attack in December of 2021. Likewise, the college has publically stated that they struggled to continue operating following the aforementioned ransomware attack that effectively “thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrolment projections”. For context, Lincoln University was able to withstand a number of catastrophic events throughout the history of the school, including the Great Depression, World War II, and the Spanish Flu of 1918, among other events.

COVID-19

On top of the risks that many educational institutions within the nation faced on a daily basis as it concerns cybersecurity, the onset of the COVID-19 virus only exacerbated the problem even further, as the ensuing lockdowns and mandatory regulations forced students, professors, and administrators alike to engage in their work online. Subsequently, this created an environment that was rife for cybercrime, as most businesses and organizations around the world, in general, were not adequately prepared for an unexpected pivot toward remote learning and work. To this point, the case of Lincoln College is representative of a larger issue that institutions of higher learning have been facing for many years now.

For instance, Chester Wisniewski, principal research scientist at Sophos, a security software and hardware company, has stated that “The average cost to an organization in the private sector was $1.8 million U.S. dollars after a ransom attack,” Wisniewski said, “so it was almost a million dollars higher cost for educational institutions to recover versus a normal private sector organization.” Alternatively, Austin Berglas, global head of professional services and founding member at BlueVoyant, a cybersecurity company, was also quoted as saying “We saw an incredible increase in ransomware attacks over the past two years, 2020 and 2021, as Covid-19 pushing everybody remote really made the attack surface grow.”

As our world continues to advance further into the digital age, cyberattacks will only continue to grow in frequency, as many criminals that would have been committing physical crimes at previous points in human history have instead turned their sights to the internet. For this reason, it is imperative that institutions of higher education have the tools necessary to handle the threat of cybercrime, be it in the form of technology solutions such as a redaction software program, or through the utilization of other similar methods, including encryption, among others. To this end, all parties involved in higher education lose when a cyberattack occurs, as the disastrous outcomes of such attacks have proven to be long-lasting and far-reaching.

Related Reads

Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »
Arizona’s Proposed New Law on Public Records Requests
March 13, 2023 | 7 minutes read
Arizona’s Proposed New Law on Public Records Requests

A Bit of History The date February 14th might stand out to most of us, and if you haven’t figured out why, it’s because it is the anniversary of Arizona’s Statehood. Over 100 years ago, Arizona became the 48th state to be admitted into the United States. Since governance is as old as human history, […]

Learn More »
How to Redact Documents Properly
March 06, 2023 | 9 minutes read
How to Redact Documents Properly

To begin, it’s important to understand that not every document needing redaction will automatically be text-searchable ready. So first, you need to OCR your document.

Learn More »
What’s the Best Redaction Software for Your Organization?
February 24, 2023 | 10 minutes read
What’s the Best Redaction Software for Your Organization?

Not everyone understands the tedious work that goes into manually redacting a long video, monotonous documentation, and intense audio. Finding the right redaction software that suits all your needs can take some time. Knowing your needs, researching your options, and asking the right questions along the way will make the process much easier. Here is a simple step-by-step guide to paving the way for you to obtain the best redaction tool for you.

Learn More »
How to Redact Faces and Why It’s important to Get It Right
February 15, 2023 | 8 minutes read
How to Redact Faces and Why It’s important to Get It Right

“Redact” may not be a word you hear daily, but its meaning is pretty simple. The Oxford dictionary defines it as “to censor or obscure for legal or security purposes”, which essentially means to hide or remove.

Learn More »
Regulating the Student Data System in the State of Colorado
April 25, 2022 | 4 minutes read
Regulating the Student Data System in the State of Colorado

Colorado HB 1294 is a student data privacy and protection law that was passed in 2014 to protect the statewide student data system.

Learn More »