Cyber-extortionists pillage Colorado education dept
Hey, breacher, leave those kids alone
Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body's IT systems.
According to a security notice regarding the snafu, CDHE said it became aware of the intrusion on June 19 and believes the thief or thieves gained access as early as June 11.
The department said on Friday that its investigation was ongoing and that "certain data was copied" from its systems, including names, social security numbers, student identification numbers, and dates of birth.
As the probe is ongoing, CDHE told us today it can't share details on the number of individuals affected, though it did publish a list of those potentially impacted, including:
- Students at Colorado public institutions of higher education who attended between 2007 and 2020
- Colorado public high school students who attended between 2004 and 2020
- Those who held a Colorado K-12 public school educator license between 2010 and 2014
- Residents who participated in the Dependent Tuition Assistance Program between 2009 and 2013
- Adult education initiative participants who were enrolled between 2013 and 2017
- Coloradans who received a GED between 2007 and 2011
In response, the US state's officials said they are "reviewing our policies and procedures and are working to implement additional cybersecurity security safeguards to further protect our systems," as well as providing 24 months of credit monitoring through Experian to all those affected.
CDHE told The Register it has regained use of its servers, and is working to restore damaged systems via backups, claiming that normal services have been restored. The department also told us it has identified the gang responsible for the ransacking and their ingress method, but wouldn't share the details until its probe was complete.
Presumably the crooks wanted to swipe the information so that they could demand a payment in exchange for not releasing or selling off that sensitive data, which they may do anyway.
The education sector has become a notable target for cybercriminals, especially since schools were forced to adopt wider use of remote access technology during the COVID-19 pandemic. Educational facilities also tend to have underfunded and overworked IT departments to deal with any threats.
US schools, especially K-12 primary education districts, are often woefully unprepared for modern security threats, according to Uncle Sam's cybersecurity agency CISA. American school bosses reported a total of 400 cyber incidents in 2018, and 1,300 in 2021, CISA said, and 29 percent of districts said they failed to resist an attack in 2022.
Just under a year ago the Los Angeles Unified School District, the second-largest district of its kind in the United States, was hit by a ransomware outfit. Just a day later, the FBI and CISA warned that Vice Society, a criminal crew believed to be operating out of Russia, had begun heavily targeting the US education sector.
"School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable," the Feds noted in a September report. Unfortunately, based on CISA's own standards, most districts in the country apparently fall into that category.