Breach Notification, Security Operations

Colorado Warns Ransomware Attack Caused Massive Data Breach

Information From 2004 to 2020 Exposed for High School Students, Teachers and Others
Colorado has mountains - and also the prospect of a massive data breach. (Image: Shutterstock)

The state of Colorado is warning residents that ransomware hackers in June made off with personally identifiable information it tracks through its Department of Education on current and past students as well as teachers.


The state has yet to quantify the number of affected individuals. If everyone across the different groups whose information was stolen - students in high school, students in higher education and adult education programs, and educators holding a state teaching license - is affected, the breach tally would stretch into the millions.

Per the state's preliminary notification, the data breach may be sizable, given that it includes various types of information collected from 2004 to 2020.

The Colorado Department of Higher Education said in a Friday data breach notification that it had detected the ransomware attack on June 19 and brought in third-party experts to probe the incident.

Officials reported that digital forensic investigators had found attackers first accessed state systems on June 11. In recent weeks, investigators said that before the intrusion was discovered, attackers had exfiltrated data. Exposed information includes names, Social Security numbers and student ID numbers, among other types of information.

The state said that exposed information may affect individuals from across the state's public education spectrum, including:

  • Public high schools: Individuals who attended from 2004 to 2020;
  • Public universities and colleges: Individuals who attended from 2007 to 2020;
  • Educators: Individuals who held a Colorado K-12 public school educator license from 2010 to 2014;
  • Tuition assistance: Individuals who participated in the Dependent Tuition Assistance Program from 2009 to 2013;
  • Adult education: Anyone who participated in the state's Adult Education Initiatives programs from 2013 to 2017;
  • General Educational Development Test credential: Anyone who obtained a GED from 2007 to 2011.

"Our investigation is ongoing and we are still getting a sense of exact numbers, but we wanted to provide notice of the event sooner rather than later to ensure individuals can engage in self-help," the state's data breach notification reads.

Anyone who believes they may have been affected can contact a telephone hotline the state has created to handle inquiries. The state will offer two years of identity theft monitoring services via Experian to all victims.

State officials are urging anyone who has potentially been affected to watch for signs of fraud and to review account statements and credit reports for suspicious activity.

Due to the ransomware attack and data breach, the Department of Higher Education said it is reviewing all existing security policies and procedures and planning to improve its cybersecurity defenses.

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
