Nelnet Loan Service Data Breach: What You Need to Know


LEXINGTON, Kentucky (September 22, 2022) — A student loan management technology, Nelnet Servicing, reported a data breach exposing the personal information of students with loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial. Although this breach does not affect any University of Kentucky systems, UK Information Technology Services (UK ITS) wishes to inform students of the potential implications of this breach.

What happened?

Further investigation into the Nelnet Services breach indicates that the student loan information of more than 2.5 million people was exposed. This information includes full name, physical address, email address, phone number, and social security number. It did not include financial information.

What does this mean for me?

If you were affected by this breach, it means that bad actors could use your information for further attacks such as phishing, social engineering, impersonation and various scam schemes. If your information has been exposed by this breach, you should have received notification from OSLA or EdFinancial.

What should I do?

UK ITS recommends staying diligent in protecting yourself against identity theft and keeping a close eye on bank accounts and financial statements. Enabling two-factor authentication for all accounts that offer it is strongly encouraged. It is also advisable to regularly check credit reports.

For more information about this breach, see the Maine Attorney General’s filing of the data breach notification. UK ITS offers cybersecurity education resources at Those interested in learning more about the different types of cybersecurity attacks can visit


Comments are closed.