Decades of Colorado students could be at risk following a massive data breach at the state’s Department of Higher Education.
Officials are continuing to investigate a cybersecurity ransomware incident that occurred on June 19, exposing students’ names, social security numbers, student identification numbers and other education records, CDHE announced in a news release Friday.
The department will notify potentially impacted individuals by mail or email “to the extent CDHE has contact information” once the investigation is complete. In the meantime, CDHE encourages potential victims to sign up for complimentary two-year credit monitoring and identity theft protection services through Experian. Specifics on this protection measure can be found at cdhe.colorado.gov/notice-of-data-incident. Enrollment for these services ends Nov. 30.
The following groups are potentially at risk:
- Those who attended a public institution of higher education in Colorado between 2007-2020
- Those who attended a Colorado public high school between 2004-2020
- Those who held a Colorado K-12 public school educator license between 2010-2014
- Those who participated in the Dependent Tuition Assistance Program from 2009-2013
- Those who participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017
- Those who obtained a GED between 2007-2011
CDHE is working with third-party specialists to investigate this breach. The department is also “reviewing its policies and procedures and working to implement additional cybersecurity safeguards to further protect its systems,” according to the news release. The department declined to comment on the incident .
Those who fall into the at-risk groups should “remain vigilant against incidents of identity theft and fraud” and “review account statements and monitor free credit reports to detect suspicious activity and errors.”
For questions, CDHE has a hotline at 833-301-1346 between 7 a.m. and 9 p.m. Monday through Friday and 9 a.m. and 6 p.m. Saturday and Sunday.