DENVER — A data breach potentially exposing the personal information of students enrolled in Colorado higher education institutions and public high schools was more widespread than first thought, according to new information released Thursday.
The Colorado Department of Higher Education (CDHE) updated its August 2023 initial report adding students who attended a Colorado public high school in 2020-2021 and 2021-2022 may have been impacted by the ransomware incident.
Additionally, the CDHE reported students who took the GED exam before 2012 and students enrolled in a Federal TRIO program before 2017 could also be potential victims.
Federal TRIO programs were established to help low-income students reach higher education goals.
The data incident stemmed from what the CDHE described as “unauthorized actor(s)” accessing and copying the data between June 11 and June 19, 2023 from student records which included names, social security numbers among other records.
The CDHE said it released a public notice of the data incident, which is under a criminal and internal investigation.
The list of potential impacts also includes:
- Students of Colorado public higher education institutions between 2007-2020
- Colorado public high school students between 2004-2022
- People who had a Colorado K-12 public school educator license between 2010-2014
- People who participated in the Dependent Tuition Assistance Program from 2009-2013
- People in the Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017
- People who took a GED exam in Colorado before 2012
The CDHE asked that anyone who has questions about the data incident to contact its hotline at 833-918-1247 or visit its website for ways to protect sensitive information.
CDHE said it is providing complimentary access to Experian identity restoration services to potentially impacted people, but enrollment must happen by May 31, 2024.
More information on the services CDHE is providing can be found at this link.