The Colorado Department of Higher Education (CDHE) has confirmed that students’ personal information may have been compromised during a ransomware attack earlier this year.
In June of this year, CDHE learned that it was the victim of a ransomware attack that impacted its networks. After learning of the attack, CDHE worked with third-party specialists to conduct an investigation into the incident. While CDHE says the incident is still part of an ongoing criminal and internal investigation, the department said it knows that an unauthorized actor(s) accessed CDHE systems between June 11 and June 19, 2023 and that data was copied from CDHE systems during this attack.
CDHE confirmed in a statement that the investigation has found that some of the impacted records include names and social security numbers or student identification numbers, as well as other education records. The review of impacted records is still ongoing. Once the review is completed, the department will notify potentially impacted individuals by mail or email.
While CDHE hasn’t notified specific impacted individuals, the department said that those who may be impacted include: students who attended a public institution of higher education in Colorado between 2007-2020; those who attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014; those who participated in the Dependent Tuition Assistance Program from 2009-2013; those who participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017; and those who obtained a GED between 2007-2011.
In response to this incident, CDHE said it is reviewing its policies and procedures and working to implement additional cybersecurity safeguards to further protect its systems. CDHE will also provide impacted individuals with free access to credit monitoring and identity theft protection services through Experian for two years.