Search This Blog

Showing posts with label Students Data. Show all posts

Nelnet Servicing breach over 2.5 Million Student Loan Data

A hack on technology services supplier Nelnet Servicing affected more than 2.5 million persons with students with student loan accounts with EdFinancial and the Oklahoma Student Loan Authority. 

The provider claims that hackers accessed its systems without authorization in June and continued to do so through July 22. There have been about 2,501,324 people who were affected by the data breach.

The information that was made public includes full name, place of residence, email address, contact details, and social security number. 

Hackers can exploit the aforementioned data by employing a number of tricks like phishing, social engineering, impersonation, and other tactics. The danger of exposure is amplified because loans are such a delicate subject.

Nelnet informed Edfinancial and OSLA that the attackers initially gained access by taking advantage of a vulnerability in its systems.

Nelnet claims to have stopped the hack as soon as the security vulnerability was discovered, but a later review, which was finished on August 17, 2022, found that some student loan account registration data may have been obtained.

Customers who might be impacted have already been informed by EdFinancial and OSLA, although EdFinancial made it clear that not all of its clients are affected as Nelnet Servicing is not its only technology supplier. 

It has been suggested that people use the free identity theft protection services offered by EdFinancial and OSLA if their data may have been affected by the event. Furthermore, due to the data breach, the provider of technical services could be subject to a class action lawsuit. 

The law firm "Markovits, Stock & DeMarco" yesterday began an inquiry into the possibility of a class action lawsuit due to the magnitude of this data breach occurrence.

According to a letter sent to impacted borrowers, "we urge you to be alert against incidences of identity theft and fraud over the following 24 months, by examining your account statements and keeping an eye on your free credit reports for suspicious activity and to spot errors."

It is advised that those who receive the notices sign up for Experian's IdentityWorks service right once to shield themselves from fraud, and they should also keep a watch for any other incoming correspondence.

Over 100,000 Files with Student Records from the British Council were Discovered Online


More than 100,000 files including student records from the British Council were discovered online. A cybersecurity firm uncovered an unsecured Microsoft Azure blob on the internet, which revealed student names, IDs, usernames, email addresses, and other sensitive information. The British Council, founded in 1951 in London, is a British organization that promotes worldwide cultural and educational possibilities. It works in over 100 countries to promote cultural, scientific, technological, and educational interaction with the UK as well as a better understanding of the UK and the English language.

Clario, a cyber security firm, and security researcher Bob Diachenko discovered the breach on December 5th, 2021, and immediately contacted the British Council. According to the researchers, a public search engine identified an insecure Azure blob container containing hundreds of readable Excel spreadsheets and XML/JSON files. Personal information of hundreds of thousands of learners and students of British Council English courses from throughout the world was contained in these files. The researchers note that it is unclear how long this content was available to the public online without authentication. 

The British Council issued a statement about the incident on December 23rd, “The British Council takes its responsibilities under the Data Protection Act 2018 and General Data Protection Regulations (GDPR) very seriously. The Privacy and security of personal information is paramount. Upon becoming aware of this incident, where the data was held by a third-party supplier, the records in question were immediately secured, and we continue to look into the incident in order to ensure that all necessary measures are and remain in place.”

 “We have reported the incident to the appropriate regulatory authorities and will fully cooperate with any investigation or further actions required,” the council added. 

One of the key worries the researchers had at the time was the danger of phishing actors and identity thieves gaining access to this information. After not hearing back from the British Council for 48 hours, the researchers tried to contact again, this time via Twitter, which is where further communication between the two sides took place. 

According to the British Council, despite the fact that the researchers uncovered over 144,000 files, just roughly 10,000 student records were impacted. The discovery of this data leak comes in the wake of a report last month that stated the British Council had been the target of "two successful ransomware assaults over the past five years," in addition to six unsuccessful efforts by ransomware operatives. The British Council apparently faced 12 days of downtime as a result of these attacks—five days in the first case and seven days in the second. However, neither time did the organization pay a ransom.

Cyberattack Compels Albuquerque Public Schools to Close 144 Schools


Following a cyberattack that attacked the district's attendance, communications, and transportation systems, all 144 Albuquerque Public Schools are closed for the remainder of this week, according to APS's announcement on mid-day Thursday. 

APS is one of the 50 largest school districts in the country, with around 74,000 students. 

District IT staff discovered the problem on Wednesday, and APS posted a statement on its website and Twitter account that afternoon stating, “All Albuquerque Public Schools will be closed Thursday, Jan. 13, due to a cyberattack that has compromised some systems that could impact teaching, learning, and student safety. … The district is working with contracted professionals to fix the problem.” 

"The district continues to examine a cyberattack that affected the student information system used to take attendance, contact families in emergencies, and ensure that students are picked up from school by authorised people," APS stated online on Thursday afternoon and cancelled classes for Friday. 

APS said it will reopen schools on Tuesday, Jan. 18, after being closed on Monday for Martin Luther King Jr. Day, specifying that administrative offices stayed open. The attack was detected Wednesday morning when instructors attempted to enter onto the student information system and were unable to obtain access to the site, according to APS Superintendent Scott Elder in a brief statement uploaded to the district's APS Technology YouTube page. 

Elder further stated, “APS is working with local and national law enforcement as well as teams of cyber specialists to as quickly as possible limit our exposure to this attack, to protect all systems in our network and ensure a safe environment to return to school and business as usual.” 

He noted that the district's IT department had been "mitigating attacks" in recent weeks. A spokeswoman told the Albuquerque Journal she was sceptical about what kind of attack it was and said she didn’t know whether those responsible had demanded a ransom.