The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June.
In a ‘Notice of Data Incident’ published on the CDHE website, the Department says they suffered a ransomware attack on June 19th, 2023.
“On June 19, 2023, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems,” explains the data breach notification.
“CDHE took steps to secure the network and have been working with third-party specialists to conduct a thorough investigation into this incident. CDHE also worked to restore systems and return to normal operations.”
When ransomware gangs breach an organization, they quietly spread through a network while stealing sensitive data and files from computers and servers. Once they have finished stealing data and have gained access to an administrator account on the network, the threat actors deploy ransomware to encrypt the computers on the network.
The stolen data is then used in double-extortion attacks, where the threat actors threaten to publicly leak the data unless a ransom is paid.
According to the CDHE, this tactic was used on its network, with their investigation revealing that the threat actors had access to their systems between June 11th and June 19th. During this time, the threat actors stole data from the Department’s systems that spanned 13 years between 2004 and 2020.
The data stolen from CDHE is significant, impacting the following students, past students, and teachers who:
- Attended a public institution of higher education in Colorado between 2007-2020.
- Attended a Colorado public high school between 2004-2020.
- Had a Colorado K-12 public school educator license between 2010-2014.
- Participated in the Dependent Tuition Assistance Program from 2009-2013.
- Participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017.
- Obtained a GED between 2007-2011.
The stolen information includes full names, Social Security numbers, dates of birth, addresses, proof of addresses (statements/bills), photocopies of government IDs, and for some, police reports or complaints regarding identity theft.
The CDHE did not share how many people were impacted, but as the scope of the breach ranges from 2004 to 2020, it likely encompasses a large number of individuals.
Due to the sensitive nature of the exposed information, the CDHE provides free access to identity theft monitoring for 24 months to those impacted.
While no ransomware operation has claimed responsibility for the attack, all affected users should assume their data will be used maliciously and stay vigilant against identity theft and phishing attacks.
Even if the CDHE paid for the data to be deleted, some threat actors do not keep their promises and use the data for further attacks.
Therefore, be careful of phishing emails attempting to gather further information, such as passwords, account numbers, or financial information.