Data Breaches, Vulnerabilities

Nelnet breach affects 2.5M student loan accounts; Google releases emergency Chrome security update

Thursday Threat Blog

The new school year is underway. It’s a good time to remember that adults aren’t the only family members cybercriminals target. 

Children of all ages, including college students, can be victims of identity theft and data breaches. In fact, according to Javelin Strategy and Research, 1.25 million kids — or about 1 out of 50 children — every year, are victims of identity theft. This is why it’s important to do all that you can to protect their privacy.

In this week’s BlackCloak Thursday Threat Update, we look at a data breach affecting millions of college student loan applicants. We also explore an emergency security update issued by Google for its Chrome browser.

Nelnet breach exposes data of 2.5 million student loan accounts

What we know: The personal data of more than 2.5 million people with student loans from the Oklahoma Student Loan Authority and EdFinancial were exposed after cybercriminals compromised the systems of NelNet Servicing earlier this summer. The affected data points include full names, physical and email addresses, phone numbers, and Social Security numbers.

Recommendations: EdFinancial and OSLA are offering anyone affected by the breach access to 24 months of identity theft protection free of charge. Instructions on how to sign up are listed within data breach notification letters. Additionally, we recommend that you, or whoever is affected by the breach, place a credit freeze and fraud alert on these accounts. As email addresses and phone numbers were also caught up in the breach, be on the lookout for any suspicious emails or text messages. Cybercriminals may leverage these data points to conduct phishing campaigns.

Google issues emergency Chrome security update

What we know: Google has released an emergency security update for its Chrome browser. The update patches a single high-severity security vulnerability, which the tech company said has already been exploited by hackers. The security update is the sixth one Google has released in 2022 to patch these types of flaws, known as zero-day vulnerabilities.

Recommendations: If you use Google Chrome, check to see whether you are running the latest browser version. Go to the Chrome menu at the top right corner of your browser, represented by three dots. Then,  click “Help” and “About Google Chrome.” If you have automatic updates turned on, your browser will begin to update. You will need to relaunch your browser for the update to take effect.  By the time you are done, you should be running Chrome version 105.0.5195.102.

Protecting your data requires proactive approach

Cybercrimes are an unfortunate byproduct of our ever-evolving digital world. While they are always on the offensive, there are steps you can take to be proactive in your defense. Read our blog to learn about the six ways you can reduce your risk of becoming a data breach, identity theft and financial fraud victim, and our article about how you can stop hackers from stealing your phone number.