Information Security Updates

The Colorado Department of Higher Education (CDHE) notified the University that CDHE was the victim of a cybersecurity ransomware incident that impacted its network systems. CDHE took steps to secure the network and has been working with third-party specialists to conduct a thorough investigation into this incident. CDHE has also worked to restore its systems and return to normal operations. 

MSU Denver received an update from CDHE on Nov. 2 stating that their investigation is expected to be completed in the next few weeks, at which time a list of impacted individuals and associated data points can be provided.

No systems operated or maintained by MSU Denver were breached.

We have been notified that the attack could potentially result in unauthorized access to sensitive information belonging to individuals attending any public institution of higher education in Colorado between 2007-2020, including MSU Denver.

We are awaiting more details from CDHE to understand if and how many students who attended MSU Denver were impacted.

CDHE is offering impacted individuals two years of free credit monitoring and identity theft protection services through Experian and has set up a dedicated hotline at (833) 301-1346.

This is a CDHE incident impacting institutions state-wide and is not being managed by MSU Denver. However, we understand that you may have additional questions. For more information, please:

• Visit http://cdhe.colorado.gov/notice-of-data-incident 
• Call CDHE’s designated hotline at (833) 301-1346 between 7 a.m. to 9 p.m. Mountain Time, Monday through Friday, and 9 a.m. to 6 p.m. Mountain Time, Saturday and Sunday (excluding U.S. holidays).
• Email: [email protected].  

The National Student Clearinghouse (NSC) notified the University that the global attack against the MOVEit Transfer software, a secure file transfer tool used by hundreds of government agencies, universities, and businesses to transfer sensitive information may have impacted them.  

No systems operated or maintained by MSU Denver were breached.

The attacks could potentially result in unauthorized access to sensitive information belonging to some members of our community.

The exact nature of the NSC data exposure has yet to be discovered and continues to be investigated by the vendors and authorities.

IF your personal data is included in the exposure, you will be notified directly by the vendors.

The affected vendors have fixed the vulnerability. They are working with federal agencies and other experts to determine which records and individuals have been affected. 

MSU Denver has performed a thorough review and determined no systems operated or maintained by MSU Denver were breached. We will continue to proactively review and enhance our internal systems and processes.

If your personal information was impacted, you will receive a notification and further instructions directly from the responsible vendor, as required by law.

The investigation is expected to be extensive and may require a significant amount of time. We will update this website regularly as more information becomes available.

The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to thousands of colleges and universities nationwide. MSU Denver works with the clearinghouse on enrollment and degree verification services and student loan reporting requirements.

• A small number of employee accounts with non-active records used by Pension Benefit Information (PBI), a third-party software organization that audits death records for insurance companies including Teachers Insurance and Annuity Association of America (TIAA), may have been impacted.  
• TIAA’s systems are not impacted nor susceptible to the security vulnerability associated with this incident. 
• Impacted employees have received individualized communication outlining what happened and available resources. 
• More information is available here www.pbinfo.com/faq-communication/ 

• For updates from NSC visit: alert.studentclearinghouse.org/.
• MSU Denver will update this website regularly as more information becomes available. 
• Further student questions can be directed to [email protected].

MSU Denver has a solid security program in compliance with applicable data privacy and security standards. We leverage multi-factor authentication, data encryption, and security event and incident management tools. The University also performs regularly scheduled assessments, among other security measures.

• Monitor Your Accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions. 
• Use Strong Passwords and Account Security: Update your online accounts with unique and strong passwords. Enable multi-factor authentication wherever possible. 
• Be Wary of Suspicious Emails or Communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide personal information unless you are certain of the source’s authenticity. 
• Fraud Alerts: Consider placing a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. When one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year.  
• Credit Freezes: Consider placing a credit freeze with major credit bureaus. This will add an extra layer of security and make it harder for anyone to open new accounts using your information. 
• Contact any one of the three major credit bureaus to place an alert or credit freeze. 
  • Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111 
  • Experian: experian.com/help or 1-888-397-3742 
  • TransUnion: transunion.com/credit-help or 1-888-909-8872

Learn more about proactive steps you can take at www.identitytheft.gov/databreach.