The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack.
In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. CDHE did not disclose the number of impacted individuals.
CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists.
The experts determined the threat actors had access to CDHE systems between June 11 and June 19, 2023 and copied data from the company systems during this time.
The incident impacted teachers, current and past students, attackers had access to names and social security numbers or student identification numbers, as well as other education records
“While this incident is still part of an ongoing criminal and internal investigation, we do know that an unauthorized actor(s) accessed CDHE systems between June 11 and June 19, 2023 and that certain data was copied from CDHE systems during this time.” reads the Notice of Data Incident published by the company. “Over the past few weeks, our investigation has revealed that some of the impacted records include names and social security numbers or student identification numbers, as well as other education records.”
Once the investigation will be completed, CDHE will notify impacted by mail or email.
The company added that the incident may have impacted those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017, or obtained a GED between 2007-2011.
CDHE provides free access to the identify theft monitoring Experian IdentityWorksSM for 24 months.
At the time of this writing, no ransomware group has claimed responsibility for the security breach.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
Share On