Colorado education department discloses data breach spanning 16 years

Officials are investigating a ransomware attack from June affecting an unknown number of students.

ilbusca via Getty Images

After a ransomware attack in June, the Colorado Department of Higher Education (CDHE) notified students on Friday of a potential data leak. In June, "unauthorized actor(s)" not yet publicly identified accessed CDHE systems in a ransomware attack. While authorities continue to investigate the full extent of the damage, the department has disclosed that the attack breached personally identifiable information like names and social security numbers.

"The review of the impacted records is ongoing and once complete, CDHE will be notifying individuals who are potentially impacted by mail or email to the extent we have contact information," CDHE wrote in a Notice of Data Incident. But the department warns students that the impact of the breach reaches across programs, from public schools to adult education initiatives, over a 16 year time period.

In response, CDHE is offering free access to Experian credit monitoring and identity theft protection to protect their data. The department recommends impacted groups keep an eye on their account statements and credit reports for suspicious activity.

Education systems are a popular target for ransomware attacks. In 2022, at least 44 colleges and 45 school districts reported ransomware attacks, compared to 88 total education departments in 2021, according to data from Emsisoft. The Government Accountability Office recommended that the Department of Education and the Department of Homeland Security coordinate to evaluate school cybersecurity efforts across the country.