Colorado Education Dept. Hit by Huge Data Breach

On Friday, the Colorado Department of Higher Education (CDHE) made an announcement regarding a data breach. The department detected this breach on June 19th and have since been collaborating with external specialists to manage the situation. Those impacted include people who attended public higher education institutions in Colorado from 2007 to 2020, or those who were enrolled in a Colorado public high school between 2004 and 2020.

Furthermore, the notification states that others who might be affected by the breach include individuals with a Colorado K-12 public school educator license from 2010 to 2014, participants in the Dependent Tuition Assistance Program between 2009 and 2013, attendees of Colorado Department of Education’s Adult Education Initiatives programs from 2013 to 2017, or individuals who obtained a GED between 2007 and 2011

Some of the data stolen in the breach includes information such as names, education records, student identification numbers, and social security numbers — all of which could be used for identity fraud.

Megan McDermott, Senior Director of Communications and Community Engagement at CDHE, confirmed to CBS News Colorado that the department is acquainted with the group behind the ransomware. She declined to reveal the ransom amount requested, citing ongoing criminal and internal investigations. Nevertheless, she did confirm that the ransom remained unpaid.

While the CDHE hasn't disclosed the exact number of individuals impacted by the ransomware attack, it's likely to encompass a significant number of people. According to TechCrunch, the department has outlined its intention to inform those affected, and all impacted individuals are being offered two years of identity theft protection services. The identity of the perpetrator behind the cyberattack remains unknown at this time, and no major ransomware groups have claimed responsibility.