Well Timed or Coincidental, Cue the Phishing Attacks as 2.5M Students Affected by Data Breach

Just days after the President of the United States announced a plan for student loan forgiveness, we are learning about 2.5 million student borrowers who’ve had their personal information exposed in a data breach. Not only is there a heightened risk of identity theft as a result of the personally identifiable information (PII) that was exposed, there could also be an increased risk of falling victim to very timely and convincing phishing attacks.

Third Party Data Breach Exposes 2.5 Million Students.

Over 2.5 million individuals with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial have had their information exposed after hackers breached the systems of a third-party service provider, Nelnet Servicing.

The third party service provider enables online access for students to manage their loan accounts, make payments, and keep track of their financial information.

Extent of the Student Borrower Data Breach.

It appears Nelnet suffered the breach in July 2022, and an investigation completed by forensic experts in August 2022 revealed the extent of the breach, the users affected, and the data that was compromised. The organisation estimates that approximately 2,501,324 individuals have been impacted by the breach.

Exposed user information includes:

• Full name
• Physical address
• Email address
• Phone number
• Social Security Number

So far it looks like no financial account or payment information has been exposed as a result of the incident.

Cue the Phishing Attempts.

Phishing attempts, where an attacker tries to induce everyday people to reveal personal information, passwords, or banking information, are all too common. We’ve seen them before: the Rogers outage, the recent Twilio breach, and the all-too-classic tax season phishing attempts.

Pair the recent news of the Biden administration’s plan to forgive student loans with a data breach affecting 2.5M student borrowers and it is only fair to anticipate a significant uptick in phishing attempts on those affected by this breach. Operating under the guise of current events and being equipped with this level of personal information, a malicious actor can launch a more convincing phishing attempt. 

The very real risk of identity theft aside, student borrowers who were exposed by the breach can expect to receive detailed phishing attempts containing their exposed personal information. These phishing attempts will be trying to extract more information such as passwords and financial information and might use the student information as follows:

"Hi First Name,

This is Nelnet, your student loan processor. The United States Government recently announced their student loan forgiveness plan. According to your SSN on file 123 456 789, you are eligible for loan forgiveness. As a consequence we are forgiving your loan, please click this not so dubious link to proceed."

Even convincing just 2% of those affected by the breach could result in 50 thousand people falling victim to a phishing attempt. That means in addition to the recommended vigilance against identity theft, these individuals should pay special attention to the emails they receive, where they are from, and what they are requesting.

Inheriting Vendor Cyber Risk.

Vendors and third parties often provide vital services and can streamline operational efficiency. Unfortunately, third parties and vendors are a common target for cyber criminals because of the access they may have to your organisation's resources and data. Vendors and third parties can offer significant value, but your organisation might also be inheriting their cyber risk. In the case of this data breach, it appears a third-party service provider, Nelnet, was the source.

What can Your Organisation do to Improve Security?

While it is still unclear exactly how the service provider for the OSLA and EdFinancial was breached, adopting a defense in depth strategy could be the difference between becoming the next news headline or not. 

Defense in depth is a security strategy and concept in which gaining access to a resource requires passing multiple layers of security controls. Multiple layers of security not only delay an attacker but also increase their costs when attempting to breach your systems. The more difficult and expensive it is to launch an attack, the more likely a cyber criminal will look elsewhere.

Zero Trust Network Access is a powerful security framework and an approach to implementing a defense in depth strategy that enables secure access to shared resources while greatly improving cyber resilience. Under a Zero Trust framework, users and resources are segmented and your organisation is able to provide least privilege access for authorised users. Every user must verify their identity and must hold the permissions and privileges required for access. Meanwhile, your organisation can keep track of employees and service providers, and what they are doing while they access your systems, through detailed auditing.

Get in touch with our team to learn more about implementing Zero Trust to adopt a defense in depth strategy to secure your organisation's resources, customers, and service providers.