Education dept in US state reveals data breach spanning 16 years

The Colorado Department of Higher Education (CDHE) has notified students of a potential data leak following a ransomware attack in June as well as informed students that the breach has affected multiple programmes over a 16-year time period, including public schools and adult education initiatives, across the US state.

"On June 19, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems," the department wrote in a Notice of Data Incident.

"While this incident is still part of an ongoing criminal and internal investigation, CDHE knows that an unauthorised actor(s) accessed CDHE systems between June 11 and 19, and that certain data was copied from CDHE systems during this time," it added.

According to the investigation, some of the affected records include names, social security numbers, student identification numbers, as well as other educational records.

While the review is ongoing, the department said those that attended a public institution of higher education in the state between 2007-2020; attended a Colorado public high school between 2004-2020; individuals with a Colorado K-12 public school educator license between 2010-2014; participated in the Dependent Tuition Assistance Programme from 2009-2013; participated in Colorado Department of Education’s Adult Education Initiatives programmes between 2013-2017; or obtained a GED between 2007-2011; may be impacted by this incident.

The CDHE further said that it is reviewing its policies and procedures and working to implement additional cybersecurity safeguards to further protect its systems.

Additionally, the department is offering impacted individuals complimentary access to credit monitoring and identity theft protection services through Experian for two years.

It has also recommended that affected groups keep an eye on their account statements and credit reports for suspicious activity.

(IANS/SR)