Dear Student

Binary data with the word IDENTITY appears in the shadow of a hand. Concept for digital crime. Blue toned image.

“Dear Student, your student loan service for Federal Student Aid (FSA), is writing to make you aware of an incident that may affect the security of some of your information. While we are not aware of any actual or attempted misuse of your information…” Recently, letters like this were sent to over 2.5 million individuals in the United States. The “incident’ was a breach on the databases of Nelnet Servicing, the federal student loan servicer working on behalf of the U.S. Department of Education.

The “information” that was breached is the personal information of over 2.5 million student loan borrowers including full name, physical address, email address, phone number and SOCIAL SECURITY NUMBER.  That is all the legitimate information that a fraudster needs to obtain licenses, credit cards, loans not just limited to student loans and the opportunity to benefit from the newly announced student loan forgiveness program. Congratulations students!  Not only are you do you owe to a corrupt student loan system authorized by the government, but someone has stolen your identity!

According to the notification letter dated August 26, 2022, Nelnet informed parties that on or about July 21 it had discovered a “vulnerability” in its data bases. Upon discovery, Nelnet’s cybersecurity team took action to secure its servers, block suspicious activity and fix the issue.

But what Nelnet didn’t appear to do is notice when the breach occurred. Investigations determined that student loan account details were accessible by an unknown party beginning sometime in June 2022 and ending July 22, 2022. These fraudsters had some where between three to seven weeks gather ID’s!

There are no kudos for this Fraud of the Day, only lessons learned. This incident shows that blocking the attack as soon as it is detected is not enough. Companies need to protect with identity verification solutions while managing fraud risk before a breach such as this occurs.

It is great that ID Protection has been offered to the victims for two years.  The only problem is that the 2.5 million identities are vulnerable now for the lifetime of each individual victim.  Thanks Nelnet.

Todays Fraud of the Day is based on an article “Nelnet Servicing breach exposes data of 2.5M student loan accounts” published by Bleeping Computer on August 29, 2022

Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing.

Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to their loan accounts.

Previous articleCommitting Fraud to Pay for Another Fraud
Next articleThe White Lab Coat

Larry Benson, Senior Director of Strategic Alliances, LexisNexis Risk Solutions - Government

Larry Benson is responsible for developing strategic partnerships and solutions for the government vertical. His expertise focuses on how government programs are defrauded by criminal groups, and the approaches necessary to prevent them from succeeding.

Mr. Benson has 30 years of experience in sales and business development. Before joining LexisNexis® Risk Solutions, he spent 12 years founding and managing two software technology startups. During the 1990s he spent 10 years as a Regional Director helping to grow a New England-based technology company from 300 employees to 7,000. He started his career with Martin Marietta Aerospace working on laser guided weapons and day/night vision systems.

A sought-after speaker and accomplished writer, Mr. Benson is the principal author of “Fraud of the Day,” a website dedicated to educating government officials about how criminals are defrauding government programs. He has co-authored WTF? Where’s the Fraud? How to Unmask and Stop Identity Fraud’s Drain on Our Government, and Data Personified, How Fraud is Changing the Meaning of Identity.

Benson holds a Bachelor of Science in Physics from Albright College, and earned two graduate degrees – a Master of Business Administration from Florida Institute of Technology, and a Master of Science in Engineering from Lehigh University.