Nelnet Servicing, LLC Data Breach Leaks Social Security Numbers of 2.5 Million Student Loan Borrowers | Console and Associates, P.C.

Date:

On August 26, 2022, Edfinancial Services, LLC reported a data breach resulting from an incident that the company believes originated at Nelnet Servicing, LLC, a third-party vendor used by Edfinancial for its service system and customer website portal. According to Nelnet, the breach has resulted in the names, addresses, email addresses and social security numbers of certain borrowers being compromised. Recently, based on information received from Nelnet, Edfinancial Services sent data breach letters to all parties involved to inform them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you have been notified of a data breach, it is essential that you understand what is at risk and what you can do about it. For more information on how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are after the Nelnet Servicing data breach, see our recent piece on the subject here.

What we know about the Nelnet Servicing Data Breach

According to an official report filed by the company, Edfinancial Services, LLC was informed by Nelnet on July 21, 2022 that the company was experiencing a data security incident. Nelnet explained that after discovering the unauthorized access, management secured its systems, blocked the suspicious activity, resolved the issue and launched an investigation with outside forensic experts to determine the nature and extent of the activity. However, on August 17, 2022, it was found that an unauthorized party had access to student loan registration information between June 2022 and July 22, 2022.

When Nelnet Servicing discovered that sensitive consumer data could be accessed by an unauthorized party, Nelnet Servicing then looked at the affected files to determine which information was compromised and which consumers were affected. While the information breached varies from person to person, it may include your name, address, email address, and Social Security number. This information was communicated in the letter from Edfinancial Services but appeared to be confirmed by Nelnet Servicing, LLC.

On August 26, 2022, Edfinancial Services, LLC sent data breach letters to all individuals whose information had been compromised as a result of the recent data security incident.

Learn more about Nelnet Servicing, LLC

Nelnet Servicing, LLC is a technology and education solutions company based in Lincoln, Nebraska. One of the main ways the business generates income is by paying off student loans. In this way, the company handles all aspects of loan management such as public loan forgiveness, loan consolidation and scheduling services for borrowers who are unable to make their monthly payments. Nelnet operates several subsidiaries, including Nelnet Business Services, Nelnet Communications Services, Nelnet Diversified Services, and Nelnet Financial Services. Nelnet Servicing employs more than 7,988 people and generates annual sales of approximately $1 billion.

Edfinancial Services, LLC is a student loan service provider based in Knoxville, Tennessee. The company is an official administrator of Federal Student Aid. The company provides customer services to borrowers, including answering questions and handling changes to repayment plans and processing payments. Edfinancial Services employs more than 375 people and generates annual revenues of approximately $193 million.

Liability for data leaks from third parties

In the wake of a data breach, determining which company, if any, is legally responsible for the incident can be challenging. While filing a lawsuit may not cross your mind after your information has been leaked, it’s important to understand liability for data breaches because the damages resulting from these incidents can be serious — and companies could be held financially responsible. Data breaches involving multiple organizations, such as the data breach of Edfinancial Services, LLC / Nelnet Servicing, LLC, naturally present additional challenges.

As a general rule, any company that stores, stores, transmits or receives consumer data has a legal obligation to the consumer, regardless of which company the consumer has provided their information to. As for the Edfinancial Services, LLC / Nelnet Servicing, LLC data breach, based on the information provided in the data breach letter, it appears that Nelnet Servicing, LLC is the most likely liable party. Based on the letter, it does not appear as if a break-in has been committed in the computer system of Edfinancial Services. However, it is too early to say whether Nelnet Servicing was actually responsible for the breach. Before this determination can be made, a thorough investigation must be carried out into the facts leading to the infringement.

In the context of a data breach lawsuit or class action for data breaches, a company can be held financially responsible for victims’ damages if the victims can prove the following elements:

  • The organization owed the victim a duty of care;

  • The organization has violated its duty to the victim;

  • The organization’s negligence caused or contributed to the victim’s harm (ie, identity theft); and

  • The victim suffered economic or non-economic injury as a result.

While this sounds simple, it can be difficult to prove these elements, especially in a case like this where the breached data was shared from one company to another. An experienced data breach attorney can assist victims of the Edfinancial Services / Nelnet Servicing data breach in assessing their options and determining whether they have a legal claim against either company.

The Valley Voice
The Valley Voicehttp://thevalleyvoice.org
Christopher Brito is a social media producer and trending writer for The Valley Voice, with a focus on sports and stories related to race and culture.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Popular

More like this
Related