On February 15, 2024, the Colorado Department of Higher Education (CDHE) issued an update concerning a cybersecurity breach that occurred in June 2023, affecting sensitive data of numerous individuals. This follow-up aims to provide clarity on the investigation's findings and the measures put in place for those potentially affected.
"We take the protection of personal information very seriously and have taken the necessary steps to address this issue," said a CDHE spokesperson, underlining the department's commitment to data security.
"We take the protection of personal information very seriously and have taken the necessary steps to address this issue,"
The incident, categorized as a ransomware attack, was discovered on June 19, 2023, after unauthorized access was detected in CDHE systems. The attack involved the copying of personal information, including names, Social Security numbers, and educational records, from systems between June 11 and June 19 of that year.
CDHE has since engaged a third-party vendor to conduct a comprehensive investigation into the breach. "We are working closely with specialists to understand how this occurred and ensure it does not happen again," remarked a member of the investigation team.
"We are working closely with specialists to understand how this occurred and ensure it does not happen again,"
Impact and Legacy
The impact of this incident extends to a variety of individuals, including those who were part of the Federal TRIO program in Colorado before 2017, those who attended public high schools in the state during the 2020-2021 or 2021-2022 school years, and individuals who completed GED exams in Colorado prior to 2012.
Impact and Legacy
"We want to ensure that everyone who may be impacted is informed and understands the next steps they should take,"
Impact and Legacy
As part of its response strategy, CDHE is offering complimentary access to credit monitoring and identity theft protection services through Experian for those impacted by the incident. However, due to privacy regulations, the department is unable to directly enroll individuals in these services. "We encourage everyone who might be affected to take advantage of these protection services," the spokesperson added.
"We encourage everyone who might be affected to take advantage of these protection services,"
CDHE has established a hotline for individuals needing additional assistance or information about the incident. "For any questions related to this matter, we invite concerned individuals to call our dedicated hotline," said the spokesperson, emphasizing the department’s focus on transparency and support.
"For any questions related to this matter, we invite concerned individuals to call our dedicated hotline,"
To effectively safeguard personal information, individuals are encouraged to stay alert for identity theft or fraud, regularly review their account statements, and monitor their credit reports for unauthorized activity. “Vigilance is key in these situations, and being proactive can help mitigate potential damage,” advised a cybersecurity expert.
In an effort to assist affected individuals, CDHE recommends enrolling in the offered monitoring services by May 31, 2024. This enrollment will grant access to Experian IdentityWorks, which includes identity restoration services for up to 24 months following the notice.
As CDHE continues to manage the fallout from this incident, they emphasize their ongoing commitment to enhancing their cybersecurity framework. "We are learning from this experience and are dedicated to improving our security measures to prevent future incidents,” pledged an official from the department.
The situation highlights the need for vigilance and preparedness in an age where cyber threats are increasingly common. Moving forward, CDHE and other institutions like it must prioritize robust security protocols to ensure the privacy and safety of their stakeholders.
