Student Loan Servicer Exposes 2.5M Records via Misconfigured S3 Bucket

A leading U.S. student loan servicer inadvertently left an Amazon S3 bucket publicly readable, allowing anyone on the internet to download a dataset containing more than 2.5 million records. The exposed files included Social Security numbers, loan balances, repayment histories, and other personally identifiable information. The breach was discovered after security researchers flagged the bucket, prompting an emergency response from the company.
The leak puts millions of borrowers at risk of identity theft, fraud, and credential stuffing attacks. For defenders, this incident underscores the critical importance of proper cloud configuration management, continuous monitoring for publicly accessible storage, and regular audits of permission settings. Misconfigured cloud assets remain a top vector for data exposure, and proactive controls—such as automated policy enforcement and alerting—are essential to prevent similar high‑impact breaches.
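The kind of audit described above can be automated. The following is an added example, not code from the servicer or from this article, and the article does not say which setting left the bucket open. It checks a bucket policy, ACL grants, and Block Public Access settings (in the shapes the S3 API returns) for anonymous read access. The sample bucket name, policy, and function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_TARGETS = ("s3:getobject", "s3:listbucket")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _is_wildcard_principal(p):
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def public_read_findings(policy_json, acl_grants, pab):
    """Return reasons the bucket is readable without credentials (empty list = none found)."""
    findings = []
    # RestrictPublicBuckets neutralises an existing public policy.
    # BlockPublicPolicy only rejects new public policies, so it is not consulted here.
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        for st in _as_list(json.loads(policy_json).get("Statement", [])):
            pats = [a.lower() for a in _as_list(st.get("Action", []))]
            grants_read = any(fnmatchcase(t, p) for p in pats for t in READ_TARGETS)
            # Simplification: any Condition block is treated as a restriction.
            if (st.get("Effect") == "Allow" and _is_wildcard_principal(st.get("Principal"))
                    and grants_read and not st.get("Condition")):
                findings.append("policy:" + st.get("Sid", "<no Sid>"))
    # IgnorePublicAcls makes S3 disregard public grants already on the bucket.
    if not pab.get("IgnorePublicAcls", False):
        for g in acl_grants:
            if (g.get("Grantee", {}).get("URI") == ALL_USERS
                    and g.get("Permission") in ("READ", "FULL_CONTROL")):
                findings.append("acl:" + g["Permission"])
    return findings

# Constructed sample configuration; "example-bucket" is a placeholder.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicGet", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
WEAK_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
NO_PAB = {}  # no Block Public Access settings applied
FULL_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print("weak:    ", public_read_findings(WEAK_POLICY, WEAK_ACL, NO_PAB))
    print("hardened:", public_read_findings(WEAK_POLICY, WEAK_ACL, FULL_PAB))
```

With all four Block Public Access settings enabled, the same policy and ACL produce no findings, which is why enforcing those settings at the account level is a common baseline control.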