A U.S. state department of higher education was attacked by ransomware, resulting in a data breach

In recent years, with the rapid development of science and technology, the Internet has penetrated into every aspect of our lives, bringing unprecedented convenience to information dissemination and communication. At the same time, the threat of cyber attacks is also constantly escalating and evolving, posing huge challenges to all walks of life. Recently, the U.S. education system has become one of the targets of cyberattacks.

On August 7, local time in the United States, the Colorado Department of Higher Education (CDHE) published a data incident notice on its website, mentioning that the organization discovered a cyber attack involving ransomware on June 19.

Cybercriminals appear to have accessed CDHE systems between June 11 and June 19, obtaining names, Social Security numbers, student identification numbers, and other education records.

Individuals who may be affected by this incident include those who attended a Colorado public higher education institution between 2007-2020; those who attended a Colorado public high school between 2004-2020; those who held a Colorado K-12 public school educator license between 2010-2014; those who participated in the Dependent Tuition Assistance Program from 2009-2013; those who participated in the Colorado Department of Education's Adult Education Initiative program from 2013-2017; and those who earned their GED between 2007-2011.

SecurityWeek checked the websites of several major ransomware groups and did not see any mention of CDHE.

Organizations in the education sector are frequently targeted by profit-motivated cybercriminals, and the US government has issued multiple alerts over the past year regarding such attacks. 

In July, Colorado State University (CSU) confirmed that Clop ransomware stole sensitive personal information of current and former students and employees in a MOVEit Transfer data theft attack.

Colorado State University is a public research university with nearly 28,000 students and 6,000 academic and administrative staff, operating on an endowment of $558 million.

The university notified its students and staff that threat actors had obtained personal data of staff and students through these attacks.

Regarding this data breach, Colorado State University has issued a statement on a webpage dedicated to cyber incidents: the affected data includes some data of CSU students and employees, including personally identifiable information such as first name, middle initial, and last name, date of birth, student or employee identification number, Social Security number, and demographic information such as gender, race, education level, and field. The stolen data can be traced back to 2021, or even earlier, which means graduates may have been affected.

The breach of this data was not the direct result of a breach of any systems operated or maintained by Colorado State University, but was the result of a compromise of the university's service providers: TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife and The Hartford.

All of these providers use the MOVEit Transfer secure file transfer platform, which was compromised in a wave of data theft attacks in May this year. The above-mentioned entities provide services to many universities in the United States, so other educational institutions may soon issue similar disclosures.

Since then, Stony Brook University, the University of Delaware and Western University of Health Sciences have issued data breach notifications related to the breaches at TIAA, NSC and Corebridge Financial.

Following the incident, Colorado State University conducted an internal investigation to determine which records and individuals were affected by the incident and will send individual notification letters containing additional resources and safeguarding guidance to those individuals.

At the end of May this year, the Greek Ministry of Education said that the country's year-end high school examinations were interrupted due to one of the most widespread cyber attacks in the country's history.

This distributed denial-of-service attack (DDoS) targeted Greece’s online exam platform, which aims to develop unified national exam standards. In a DDoS attack, a server is flooded with Internet traffic from various sources at the same time.

A system outage at the Subject Bank left students waiting in classrooms for hours for exams to begin, local media reported. The two-day attack caused disruptions and delays to high school exams but did not completely paralyze the system.

Reference links:

[1]https://www.securityweek.com/colorado-department-of-higher-education-discloses-ransomware-attack-data-breach/

[2]https://www.bleepingcomputer.com/news/security/colorado-state-university-says-data-breach-impacts-students-staff/

[3]https://therecord.media/cyberattack-disrupts-greek-exams

Origin blog.csdn.net/2201_75346516/article/details/132223094