DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CO: Cedaredge company fined for not securing customer data

Posted on June 15, 2021 by Dissent

The Daily Sentinel reports:

A Cedaredge-based mobile home management company has been fined $25,000 for failing to secure its customers data.

The Colorado Attorney General’s Office announced the fine and an agreement for Impact MHC to implement new data security measures after a 2018 data breach.

According to a news release, the breach exposed sensitive information belonging to 15,000 people, including 719 Coloradans.

Read more on The Daily Sentinel. 

The following is the state’s press release:

Colorado mobile home company to pay $25,000, implement new safety measures after data of more than 700 Coloradans exposed

June 14, 2021—Attorney General Phil Weiser today announced that Colorado-based mobile home park management company Impact MHC will pay $25,000 and implement new safety measures after more than 15,000 people’s sensitive information was exposed in a data breach, including 719 Coloradans.

Impact MHC failed to properly safeguard sensitive information and allowed employees to send and maintain that information in their email accounts. In October 2018, criminals used a phishing scam to access Impact MHC’s employee email accounts that contained confidential personal information of Impact’s customers and employees, including Social Security numbers and financial details. The criminals had access to the accounts until July 2019.

After discovering the data breach, Impact took 10 months to provide notice to Colorado consumers, even though Colorado law generally requires notice of a data breach no later than 30 days after the breach occurs.

“Now more than ever companies must remain vigilant in the digital world,” said Weiser. “A data breach like the one at Impact MHC can put important consumer financial and personal information in the hands of the wrong people and cause significant harm to Coloradans and their families, as we have seen recently with regard to the unemployment insurance fraud that has led to over one million fraudulent claims. We will continue to hold companies accountable for safeguarding residents’ data.”

In today’s settlement, the company agreed to pay $25,000 to the Colorado Attorney General’s Office, and an additional $30,000 if it fails to implement other measures, like creating a written information disposal policy, a comprehensive cybersecurity program, and an incident response plan in the event of future data security incidents.

As cybercrime and identity theft pose an increasing threat to Coloradans, state law requires companies that maintain sensitive personal information to take reasonable steps to protect the information, dispose of it when it is no longer needed, and notify Colorado residents promptly when their information is at risk of being misused by unauthorized third parties.

Click here to learn more about companies’ responsibilities in the event of a data breach.

###

Category: Breach Incidents

Post navigation

← NYS Comptroller DiNapoli Releases School District Audit of East Syracuse-Minoa Central School District – Information Technology (Onondaga County and Madison County)
WI: Menominee Casino Resort temporarily closes after cyberattack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.