Colorado’s state government has warned students and teachers that hackers may have accessed their personal information — dating as far back as 2004.
In a notice on its website, the Colorado Department of Higher Education (CDHE) confirmed it experienced a ransomware incident that saw hackers access and copy data from its systems between June 11 and June 19. This data includes student and teacher names, addresses, Social Security numbers, student identification numbers, and other unspecified education records, according to CDHE.
The department said that those affected may include individuals who attended public higher education institutions in Colorado between 2007 and 2020 or attended a Colorado public high school between 2004 and 2020.
Additionally, the notice says others may be affected, including individuals with a Colorado K-12 public school educator license between 2010 and 2014; those who participated in the Dependent Tuition Assistance Program from 2009 to 2013; those who participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013 and 2017; or those who obtained a GED between 2007 and 2011.
The CDHE did not say how many people are affected by the ransomware attack, but likely encompasses a large number of individuals. The department said it plans to notify those affected, and all of those impacted are being offered two years of identity theft protection services.
It’s not yet known who is behind the cyberattack and it doesn’t appear to have yet been claimed by any of the major ransomware groups.
Colorado has suffered a spate of ransom attacks in recent weeks. Colorado State University (CSU) confirmed last month that the Clop ransomware gang had stolen sensitive personal information belonging to current and former students and employees during the recent MOVEit mass hacks. The same hackers targeted Colorado’s Department of Health Care Policy and Financing, which said that personal identifiable information of those enrolled in Colorado’s Medicaid program or child health plan may have been compromised.