On Aug. 4, the Colorado Department of Higher Education (CDHE) learned that an authorized actor had accessed its systems in a ransomware incident that took place between June 11 and 19. The unknown gang copied private and sensitive data including, but not limited to, names, Social Security numbers, and student identification numbers.
This breach potentially affects a large demographic of individuals, including those who attended a public college or university in Colorado between 2007 and 2020, or a public high school between 2004 and 2020; those who held a Colorado K-12 education license between 2010 and 2014; those who participated in the state's Dependent Tuition Assistance Program from 2009 and 2013; those who participated in the Colorado Department of Education's Adult Education Initiatives between 2013 and 2017; and those who received a GED in Colorado between 2007 and 2011.
According to a "Notice of Data Incident" published on the CDHE website, a review of the affected records is ongoing, and CDHE will notify those who were impacted once it is complete. CDHE is reviewing its policies and procedures and is providing those affected with credit monitoring and identity theft protection services for the next two years, though individuals will need to enroll themselves directly.
The CDHE hasn't shared how many people were affected or who the threat actors were, though it has secured its network and has worked to restore its systems to normal operations as well as paid for the data to be deleted.
"Remain vigilant against incidents of identity theft and fraud," stated the CDHE notice. "Individuals should review account statements and monitor free credit reports to detect suspicious activity and errors. CDHE encourages impacted individuals to enroll in credit monitoring services through Experian."