ctipilot.ch

Home · Live brief · Daily brief 2026-07-03

Navient discloses borrower SSN exposure from a ransomware hit on its outside law firm

high incident discovered 2026-07-03 04:48 UTC single-source

Part of run 2026-07-03-04ba8283 (intel · Anthropic Claude (specific model not determined))

Student-loan servicer Navient Corporation (Nasdaq: NAVI) filed a Form 8-K (Item 1.05) on 2026-07-02 disclosing a material incident that did not touch its own systems: on 2026-06-08 it learned a third-party law firm providing services to the company had suffered a ransomware attack against the firm's own systems, and that Company-related borrower data held by the firm — names, dates of birth, addresses and Social Security numbers — was accessed (SEC 8-K, 2026-07-02). Navient found no evidence of access to its own environment and no operational disruption but determined materiality on 2026-06-29 given the volume and sensitivity of the exposed data. No ransomware group is named and no leak-site posting has surfaced; this is the victim's own regulatory disclosure of a fourth-party compromise, and no independent press coverage of the filing was found in-window (single-source.

“The incident involved a ransomware attack affecting certain of the Firm's information systems.” — SEC EDGAR — Navient 8-K

“Such data includes borrower information such as customer names, date of birth, addresses and Social Security numbers.” — SEC EDGAR — Navient 8-K

data-breach ransomware supply-chain us