The Lobby

View Original

Colorado House Republicans Demand Answers in Higher Education Data Breach Cover-Up

See this content in the original post

The Colorado Department of Higher Education (CDHE) is under fire from Republican leaders for their handling of a massive data breach that occurred this summer.

In a two-page letter delivered to Governor Jared Polis and Attorney General Phil Weiser, House Minority Leader Mike Lynch and other House representatives called for an investigation into why the agency failed to timely report the breach and notify affected individuals as required by law.

The letter was signed by House Minority Leader Mike Lynch, R-Wellington, and Republican Reps. Rose Pugliese, the House assistant minority leader, Mary Bradfield of Colorado Springs, Don Wilson of Monument and Anthony Hartsook of Parker. Bradfield, Wilson and Hartsook are members of the House Education Committee.

According to The Denver Gazette, CDHE waited eight weeks to notify the attorney general's office about the breach, which contained personal data dating back two decades. State law mandates that such breaches must be reported within 30 days, but CDHE only made a public announcement about it on August 4th, the same day they reported it to the AG's office.

The breach, which began on June 11th and lasted until June 19th, affected thousands of records containing personal data of public high school and college students, K-12 educators, and GED recipients. However, the agency has not disclosed exactly how many people were affected.

But what is even more troubling is the mishandling of the breach by CDHE. The agency's senior director of data systems, Maggie Yang, let it slip in a meeting with outsiders on July 28th, causing panic among university officials who were not aware of the breach.

This led to a series of statewide emails by CDHE notifying college and university officials about the breach, rather than directly informing the affected individuals as required by law.

CDHE's excuse for the delay in reporting the breach was that they did not realize personally identifiable information was compromised until July 6th. However, records obtained by The Denver Gazette show that the breach was discovered on June 14th.

It wasn't until Yang's slip-up in a meeting that CDHE launched a systemwide notification plan and finally reported the breach to the AG's office on August 4th.

READ MORE:

This lack of transparency and timely communication by CDHE is deeply concerning. House Republicans are demanding an investigation into why the agency failed to act promptly and properly notify the affected students, teachers, and administrators. The representatives also stated that the size of the breach warrants more immediate action and leaves serious questions that require immediate attention from state leaders.

CDHE has since launched an investigation into the breach, but House Republicans are not satisfied. They believe that someone must be held accountable for the mishandling of such a serious data breach. Stay tuned for further updates as this story unfolds.

See this content in the original post