Colorado Department of Higher Education Warns of Massive Data Breach

Cyber Security Threat Summary:
The Colorado Department of Higher Education (CDHE) has disclosed a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. In a 'Notice of Data Incident' published on the CDHE website, the Department says it suffered a ransomware attack on June 19th, 2023. When ransomware gangs breach an organization, they quietly spread through the network while stealing sensitive data and files from computers and servers. Once they have finished stealing data and have gained access to an administrator account on the network, the threat actors deploy ransomware to encrypt the computers on the network. The stolen data is then used in double-extortion attacks, where the attackers threaten to publicly leak the data unless a ransom is paid.

According to the CDHE, the threat actors had access to its systems between June 11 and 19, enabling them to gain access to data spanning 13 years between 2004 and 2020, indicating that past students and teachers were also impacted. The data allegedly stolen includes full names, social security numbers, dates of birth, addresses, proof of addresses (statements/bills), photocopies of government IDs, and for some, police reports or complaints regarding identity theft.

Security Officer Comments:
CDHE did not disclose how many individuals were impacted. However, given that the data encompasses information collected between 2004 and 2020, it likely covers a large number of individuals. As of writing, no ransomware gang has claimed responsibility for the attack, though this may change in the upcoming days/weeks, as groups typically post victims on their data leak sites.

Suggested Correction(s):
With personally identifiable information having been stolen, impacted individuals should be on the lookout for identity theft and targeted phishing attacks.

Link(s):
https://www.bleepingcomputer.com/