
CybersecurityJul 2, 2026, 04:22 PM
Navient Reports Material Cybersecurity Incident at Third-Party Law Firm
AI Summary
Navient Corp reported a material cybersecurity incident involving a third-party law firm that provides services to the company. A ransomware attack on the law firm's systems resulted in unauthorized access to Navient-related borrower data, including sensitive information like names, dates of birth, addresses, and Social Security numbers. Navient has launched an investigation, is notifying affected individuals and regulators, and has informed law enforcement. The company stated that its own systems were not compromised, operations were not disrupted, and it does not anticipate a material impact on its financial condition or results of operations.
Key Highlights
- Navient became aware of a cybersecurity incident on June 8, 2026, involving a third-party law firm.
- A ransomware attack affected the law firm's information systems, leading to unauthorized data access.
- Borrower information, including names, dates of birth, addresses, and Social Security numbers, was accessed.
- Navient initiated an investigation with external cybersecurity experts and notified law enforcement.
- The company is conducting notifications to affected individuals and regulators as required.
- Navient's own systems were not affected, and operations were not disrupted by the incident.
- The incident was determined to be material on June 29, 2026, due to data volume and sensitivity.
- Navient does not believe the incident will have a material impact on its financial condition or operations.
Price Impact
More from NAVI