Attivo Networks Blogs

Student loan borrower files sent to unauthorized party in accidental breach

SC media logo

The student loan services company Access Group Education Lending is blaming a third-party business partner for inadvertently sending loan files containing borrowers’ personal information to another business that was not authorized to receive them.

According to various media outlets, Access Group notified roughly 16,500 borrowers of the breach in a letter that states the company learned of the breach on Mar. 28, 2018, five days after the incident occurred.

Access Group claims that Nelnet, a vendor providing student loan processing services, was responsible for sending the files to the unauthorized party.

“Immediately after Access Group learned of this vendor error, we contacted the business that mistakenly received the files. That company confirmed the transferred files had been deleted and agreed to have the appropriate manager sign a sworn statement that the files had been deleted with no copies retained,” reads a statement from Access Group, sent to SC Media. “Though exposure of any personal information was limited and access to any personal information was immediately terminated, Access Group provided written notice to those individuals whose files were included in the transfer and to their state Attorneys General.”

In response to the incident, Access Group says it will also offer one year of free credit monitoring services to affected individuals, and will “continue to diligently monitor our vendor partnerships, including requiring written data transfer protocols and demanding that vendor employees verify the recipients of data transfers before initiating the action.”


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

6 − three =

Ready to find out what’s lurking in your network?

Scroll to Top