DENVER – Aug. 4, 2023: The Colorado Department of Higher Education (“CDHE”) is providing notice of a cybersecurity incident that may involve the personal information of certain individuals. CDHE is providing information about the measures it has taken in response to the incident, and steps impacted individuals may take to protect themselves against possible misuse of information.
What Happened?
On June 19, 2023, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems. CDHE took steps to secure the network and has been working with third-party specialists to conduct a thorough investigation into this incident. CDHE also worked to restore systems and return to normal operations.
While this incident is still part of an ongoing criminal and internal investigation, CDHE knows that an unauthorized actor(s) accessed CDHE systems between June 11 and June 19, 2023 and that certain data was copied from CDHE systems during this time. Over the past few weeks, the investigation has revealed that some of the impacted records include names and social security numbers or student identification numbers, as well as other education records.
The review of the impacted records is ongoing and once complete, CDHE will be notifying potentially impacted individuals by mail or email for individuals for whom we have contact information. While the review is ongoing, those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017, or obtained a GED between 2007-2011 may be impacted by this incident.
What We Are Doing
In response to this incident, CDHE is reviewing its policies and procedures and working to implement additional cybersecurity safeguards to further protect its systems. Additionally, CDHE is providing impacted individuals with complimentary access to credit monitoring and identity theft protection services through Experian for two years. Although CDHE is making these services available to impacted individuals, CDHE is unable to enroll individuals directly. Please review Steps You Can Take to Help Protect Personal Information.
What You Can Do
Remain vigilant against incidents of identity theft and fraud. Individuals should review account statements and monitor free credit reports to detect suspicious activity and errors. CDHE encourages impacted individuals to enroll in credit monitoring services through Experian.
For More Information
We understand that members of the public may have additional questions. For assistance with questions regarding this incident, please call our designated hotline at (833) 301-1346 between 7 a.m. to 9 p.m. Mountain Time, Monday through Friday, 9 a.m. to 6 p.m. Mountain Time, Saturday and Sunday (excluding U.S. holidays). Additional information can also be found at the Notice of Data Incident.
###