Disclosure of massive Colorado higher education department breach deferred

Investigation by the Denver Gazette revealed that the Colorado Department of Higher Education failed to report a widespread ransomware-related data breach to the state attorney general's office within a month of discovering the incident, which is in violation of the state's breach notification law, according to StateScoop. CDHE had its systems known to be impacted by a ransomware attack on June 14 but several state college officials only became aware of the incident on July 28, when the intrusion was accidentally mentioned during a meeting, while both the Colorado Attorney General and the public were informed regarding the incident in early August, according to the Denver Gazette. In its public announcement of the breach, CDHE noted that its systems were infiltrated between June 11 and 19, resulting in the potential compromise of data from individuals who attended public higher education institutions across the state from 2007 to 2020 and those who went to public high schools across the state from 2004 to 2020, as well as those who were part of the state's Dependent Tuition Assistance Program from 2009 to 2013, among others.