Mobile home business will pay $ 25,000
Colorado mobile home company to pay $ 25,000 and implement new security measures after data of more than 700 Colorado residents is exposed
DENVER, CO (STL.News) Attorney General Phil weiser today announced that Colorado-based mobile home fleet management company Impact MHC will pay $ 25,000 and implement new security measures after the sensitive information of more than 15,000 people was exposed in a data breach, including 719 Coloradans.
Impact MHC failed to properly protect sensitive information and allowed employees to send and store this information in their email accounts. In October 2018, criminals used a phishing scam to gain access to the email accounts of Impact MHC employees that contained confidential personal information about customers and Impact employees, including social security numbers and details. financial. Criminals had access to the accounts until July 2019.
After discovering the data breach, Impact took 10 months to notify Colorado consumers, although Colorado law generally requires notification of a data breach no later than 30 days after the breach occurred.
“Now more than ever, businesses need to remain vigilant in the digital world,” Weiser said. “A data breach like the one at Impact MHC can put important consumers’ financial and personal information in the hands of the wrong people and cause significant harm to Coloradans and their families, as we have seen recently with regard to unemployment insurance fraud which has led to over a million fraudulent claims. We will continue to hold businesses accountable for protecting resident data. “
In today’s settlement, the company agreed to pay the Colorado attorney general’s office $ 25,000, and an additional $ 30,000 if it does not implement other measures, such as creating a policy. written information disposal plan, a comprehensive cybersecurity program and an incident response plan in the event of an incident. future data security incidents.
As cybercrime and identity theft pose a growing threat to Colorado residents, state law requires that companies that maintain sensitive personal information take reasonable steps to protect the information, disposing of it when it is not. are more necessary and promptly notify Colorado residents when their information is at risk of being misused by unauthorized third parties.