DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CO: Cedaredge company fined for not securing customer data

Posted on June 15, 2021 by Dissent

The Daily Sentinel reports:

A Cedaredge-based mobile home management company has been fined $25,000 for failing to secure its customers data.

The Colorado Attorney General’s Office announced the fine and an agreement for Impact MHC to implement new data security measures after a 2018 data breach.

According to a news release, the breach exposed sensitive information belonging to 15,000 people, including 719 Coloradans.

Read more on The Daily Sentinel. 

The following is the state’s press release:

Colorado mobile home company to pay $25,000, implement new safety measures after data of more than 700 Coloradans exposed

June 14, 2021—Attorney General Phil Weiser today announced that Colorado-based mobile home park management company Impact MHC will pay $25,000 and implement new safety measures after more than 15,000 people’s sensitive information was exposed in a data breach, including 719 Coloradans.

Impact MHC failed to properly safeguard sensitive information and allowed employees to send and maintain that information in their email accounts. In October 2018, criminals used a phishing scam to access Impact MHC’s employee email accounts that contained confidential personal information of Impact’s customers and employees, including Social Security numbers and financial details. The criminals had access to the accounts until July 2019.

After discovering the data breach, Impact took 10 months to provide notice to Colorado consumers, even though Colorado law generally requires notice of a data breach no later than 30 days after the breach occurs.

“Now more than ever companies must remain vigilant in the digital world,” said Weiser. “A data breach like the one at Impact MHC can put important consumer financial and personal information in the hands of the wrong people and cause significant harm to Coloradans and their families, as we have seen recently with regard to the unemployment insurance fraud that has led to over one million fraudulent claims. We will continue to hold companies accountable for safeguarding residents’ data.”

In today’s settlement, the company agreed to pay $25,000 to the Colorado Attorney General’s Office, and an additional $30,000 if it fails to implement other measures, like creating a written information disposal policy, a comprehensive cybersecurity program, and an incident response plan in the event of future data security incidents.

As cybercrime and identity theft pose an increasing threat to Coloradans, state law requires companies that maintain sensitive personal information to take reasonable steps to protect the information, dispose of it when it is no longer needed, and notify Colorado residents promptly when their information is at risk of being misused by unauthorized third parties.

Click here to learn more about companies’ responsibilities in the event of a data breach.

###

Category: Breach Incidents

Post navigation

← NYS Comptroller DiNapoli Releases School District Audit of East Syracuse-Minoa Central School District – Information Technology (Onondaga County and Madison County)
WI: Menominee Casino Resort temporarily closes after cyberattack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.