Welcome to the
Fraud of the Day Website!

Close this search box.

Dear Student

Senior Director of Strategic Alliances
LexisNexis Risk Solutions - Government

“Dear Student, your student loan service for Federal Student Aid (FSA), is writing to make you aware of an incident that may affect the security of some of your information. While we are not aware of any actual or attempted misuse of your information…” Recently, letters like this were sent to over 2.5 million individuals in the United States. The “incident’ was a breach on the databases of Nelnet Servicing, the federal student loan servicer working on behalf of the U.S. Department of Education.

The “information” that was breached is the personal information of over 2.5 million student loan borrowers including full name, physical address, email address, phone number and SOCIAL SECURITY NUMBER.  That is all the legitimate information that a fraudster needs to obtain licenses, credit cards, loans not just limited to student loans and the opportunity to benefit from the newly announced student loan forgiveness program. Congratulations students!  Not only are you do you owe to a corrupt student loan system authorized by the government, but someone has stolen your identity!

According to the notification letter dated August 26, 2022, Nelnet informed parties that on or about July 21 it had discovered a “vulnerability” in its data bases. Upon discovery, Nelnet’s cybersecurity team took action to secure its servers, block suspicious activity and fix the issue.

But what Nelnet didn’t appear to do is notice when the breach occurred. Investigations determined that student loan account details were accessible by an unknown party beginning sometime in June 2022 and ending July 22, 2022. These fraudsters had some where between three to seven weeks gather ID’s!

There are no kudos for this Fraud of the Day, only lessons learned. This incident shows that blocking the attack as soon as it is detected is not enough. Companies need to protect with identity verification solutions while managing fraud risk before a breach such as this occurs.

It is great that ID Protection has been offered to the victims for two years.  The only problem is that the 2.5 million identities are vulnerable now for the lifetime of each individual victim.  Thanks Nelnet.

Todays Fraud of the Day is based on an article “Nelnet Servicing breach exposes data of 2.5M student loan accounts” published by Bleeping Computer on August 29, 2022

Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing.

Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to their loan accounts.

Related Articles

Get Your Fraud Fix!

Five days a week wake up to the most current fraud article in your inbox

Contact Us

Thank you for your interest in Fraud of the Day. For more information, please complete the following form.
To receive the most current fraud articles direct to your inbox, click the Subscribe button above.

"*" indicates required fields

Would you like to subscribe to our Blog?
We respect your privacy.
This field is for validation purposes and should be left unchanged.


Fill out the form below to receive the Daily Fraud Highlight, the Weekly Fraud Summary or both. Thank you for your interest in FraudoftheDay.com.

"*" indicates required fields

Subscription Type*
This field is for validation purposes and should be left unchanged.