If you hold a student loan through EdFinancial and the Oklahoma Student Loan Authority (OSLA) there’s a good chance your personal identifiable information (PII) data has been exposed via a breach at Nelnet Servicing.
2.5 million loanees had the following exposed:
- Home Addresses
- Email Addresses
- Phone Numbers
- Social Security Numbers
According to a letter filed with the State of Maine (read it here), the breach occurred between June 1, 2022 and July 22, 2022. Bill Munn, Nelnet’s general counsel, said in the letter that Nelnet first notified EdFinancial and OSLA on the 21st of July to let them know of the breach.
What to do if your PII data has been exposed:
It’s easy to feel helpless when something like this happens. Luckily, that’s all in your head and there are things you can do immediately to take control of the situation and insure any data that’s been stolen doesn’t negatively impact you. Here’s a quick list to help you out:
- Run a Leaked Credential Report – Most people don’t know how to see whether or not their credentials have been exposed. That’s where services like Have I Been Pwned come in. The service keeps track of data breaches and allows users to enter their email addresses and see if it’s been exposed on the Dark Web. Results come up instantly and they tell you which services you use have been compromised. Security7 offers a similar service for businesses, that you can sign up for if you’re worried your business email has been compromised.
- Monitor and/or Freeze Your Credit Reports – This is a legitimate pain in the rear end but it’ll protect you better than anything else. The three big credit bureaus (TransUnion, Equifax, Experian) all allow people the ability to not only check their credit scores for free once a year but the ability to FREEZE their credit report as well. Once frozen no one can open up new accounts in your name (using information potentially stolen from T-Mobile or somewhere else). Now, if there’s a downside to this (and there is), it’s this; you’ll need to jump through hoops to unfreeze your credit reports and it’ll cost you a couple of bucks in the process. Yeah, it’s still better than having your identity stolen, but it’s a hassle and the credit bureaus are not…user-friendly. Of course, your mileage may vary.
- Close Zombie Accounts – Braaaaaains! Sorry, couldn’t resist. A zombie account is an account you signed up for or opened and then promptly abandoned. Maybe you didn’t like the service. Maybe you completely forgot about it. Either way, it’s out there, shuffling along on the internet, just waiting to be snatched up. Trying to remember where you spread out information can be difficult, thankfully most internet browsers record password instances and a simple search through your settings could reveal where some of these are. If you’re a more advanced user you might even have a password management service that does the very same thing. The important thing to do is spend some time finding out where these accounts are and then terminating them with extreme prejudice like you’re a member of the ever-present biker gang in a George Romero movie and you’re out hunting the undead.
Other than that, there’s not much more you can do. Keep vigilant, make sure you pay attention to your credit reports, etc. Being mindful that the information is out there (and is never going back under-wraps) means you’ve got to be proactive going forward.