In a breach notification, The Colorado Department of Higher Education (CDHE) disclosed a massive data breach impacting current and past students and teachers after suffering a June, double-extortion ransomware attack. According to the CDHE, their investigation revealed that the threat actors had access to their systems between June 11th and June 19th, and, during that time, data was stolen from the Department’s systems spanning 13 years, between 2004 and 2020. The CDHE did not share how many people were impacted, but it likely encompasses a large number of individuals with those impacted including students, past students, and teachers who:
- Attended a public institution of higher education in Colorado between 2007-2020
- Attended a Colorado public high school between 2004-2020
- Had a Colorado K-12 public school educator license between 2010-2014
- Participated in the Dependent Tuition Assistance Program from 2009-2013
- Participated in Colorado Department of Education’s Adult Education Initiatives between 2013-2017
- Obtained a GED between 2007-2011
The information stolen includes full names, social security numbers, dates of birth, addresses, proof of addresses, photocopies of government IDs, and potentially, police reports or complaints regarding identity theft.
Emily Phelps, Director, Cyware:
“Higher education institutions handle vast amounts of valuable data from a diverse user base but lack the resources and technology to effectively defend against cyber-attacks, making them attractive targets for cybercriminals. Practicing strong security hygiene, implementing regular cybersecurity awareness training, and maintaining a robust incident response plan can help mitigate the risks. Collaboration, public-private partnerships, and increased threat intelligence sharing across public entities can lead to more robust, comprehensive defenses, improving resilience and protecting both the organizations and their people.”
The education sector has always been a target for threat actors. Thus those in that sector need to beef things up to avoid being the next organization that gets pwned.
UPDATE: I have two more comments. Starting withCarol Volk, EVP, BullWall:
“Thirteen years of data scooped up in a single breach. There are so many available ways to protect against both the breach and the exfiltration of data. We do not know what defenses the CDHE had in place, but it is imperative that Institutions implement the full scope of defenses, as the abuse of data they hold can harm generations of students.
Yes, schools are doing their best to stand up the best preventative security tools they can, but there will never be budget or resources to stay ahead of the attackers. Ensuring tools are in place to contain an active attack is where education should focus next.”
Emily Phelps, Director, Cyware follows with this:
“Higher education institutions handle vast amounts of valuable data from a diverse user base but lack the resources and technology to effectively defend against cyber-attacks, making them attractive targets for cybercriminals. Practicing strong security hygiene, implementing regular cybersecurity awareness training, and maintaining a robust incident response plan can help mitigate the risks. Collaboration, public-private partnerships, and increased threat intelligence sharing across public entities can lead to more robust, comprehensive defenses, improving resilience and protecting both the organizations and their people.”
Like this:
Like Loading...
Related
This entry was posted on August 7, 2023 at 4:01 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Colorado Dept Of Education Warns Of Stolen Data That Spanned 13 Years
In a breach notification, The Colorado Department of Higher Education (CDHE) disclosed a massive data breach impacting current and past students and teachers after suffering a June, double-extortion ransomware attack. According to the CDHE, their investigation revealed that the threat actors had access to their systems between June 11th and June 19th, and, during that time, data was stolen from the Department’s systems spanning 13 years, between 2004 and 2020. The CDHE did not share how many people were impacted, but it likely encompasses a large number of individuals with those impacted including students, past students, and teachers who:
The information stolen includes full names, social security numbers, dates of birth, addresses, proof of addresses, photocopies of government IDs, and potentially, police reports or complaints regarding identity theft.
Emily Phelps, Director, Cyware:
“Higher education institutions handle vast amounts of valuable data from a diverse user base but lack the resources and technology to effectively defend against cyber-attacks, making them attractive targets for cybercriminals. Practicing strong security hygiene, implementing regular cybersecurity awareness training, and maintaining a robust incident response plan can help mitigate the risks. Collaboration, public-private partnerships, and increased threat intelligence sharing across public entities can lead to more robust, comprehensive defenses, improving resilience and protecting both the organizations and their people.”
The education sector has always been a target for threat actors. Thus those in that sector need to beef things up to avoid being the next organization that gets pwned.
UPDATE: I have two more comments. Starting withCarol Volk, EVP, BullWall:
“Thirteen years of data scooped up in a single breach. There are so many available ways to protect against both the breach and the exfiltration of data. We do not know what defenses the CDHE had in place, but it is imperative that Institutions implement the full scope of defenses, as the abuse of data they hold can harm generations of students.
Yes, schools are doing their best to stand up the best preventative security tools they can, but there will never be budget or resources to stay ahead of the attackers. Ensuring tools are in place to contain an active attack is where education should focus next.”
Emily Phelps, Director, Cyware follows with this:
“Higher education institutions handle vast amounts of valuable data from a diverse user base but lack the resources and technology to effectively defend against cyber-attacks, making them attractive targets for cybercriminals. Practicing strong security hygiene, implementing regular cybersecurity awareness training, and maintaining a robust incident response plan can help mitigate the risks. Collaboration, public-private partnerships, and increased threat intelligence sharing across public entities can lead to more robust, comprehensive defenses, improving resilience and protecting both the organizations and their people.”
Share this:
Like this:
Related
This entry was posted on August 7, 2023 at 4:01 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.