Breach may have exposed ten years of SSNs, student ID numbers of college and high school students
Days ago, the Colorado Department of Higher Education (CDHE) reported that a cyber breach may have compromised personal information for teachers, high school students and college students in the state from 2010 to 2020.
As reported in the department’s statement, they became aware of the ransomware attack on June 19, 2023. They took steps to secure the network and worked with third-party specialists to conduct a thorough investigation, restore systems and return to normal operations.
“An unauthorized actor(s) accessed CDHE systems between June 11 and June 19, 2023, and certain data was copied from (our) systems during this time,” says the Colorado Department of Education. “Our investigation has revealed that some of the impacted records include names and social security numbers or student identification numbers, as well as other education records.”
In 2022, 44 colleges and universities and an equal number of school districts were impacted by ransomware.
According to CBSNews.com, a CDHE spokesperson says the agency knows the source of the ransomware and confirms that it was not paid. The amount asked for was not disclosed.
Ransomware attacks in higher education are not uncommon. A study from malware research firm, Emisoft, reports that 44 colleges and universities were impacted in 2022. An equal number of school districts fell victim. In 65% of the cases, data was taken. The true numbers are likely to be higher as cyber attacks often go unreported.
Those that may have been impacted by in the Colorado breach include individuals who:
CDHE says it “is providing impacted individuals with complimentary access to credit monitoring and identity theft protection services through Experian for two years.”