Mobile home business hit by hackers must pay Colorado attorney general $ 25,000



For nearly a year, hackers who broke into the email accounts of a national company had access to hundreds of confidential personal information from Coloradans, according to a statement by State Attorney General Phil Weiser. . The company, which manages mobile home fleets, reportedly took 10 months to notify employees and customers whose information was leaked.

Weiser announced Monday that Impact Mobile Home Communities must pay its office $ 25,000 and implement new security measures, under the terms of a settlement. Across the country, more than 15,000 people – including 719 in Colorado – had their sensitive information exposed in the Impact MHC hack of October 2018, and hackers had access to the information until July 2019. It’s 10 more months have passed. before MHC Impact is notified affected employees and customers, according to the regulations.

“Now more than ever, businesses need to remain vigilant in the digital world,” Weiser said in the statement. “A data breach like the one at Impact MHC can put important consumers’ financial and personal information in the hands of the wrong people and cause significant harm to Coloradans and their families, as we’ve seen recently regarding unemployment insurance fraud which has led to over a million fraudulent claims. We will continue to hold businesses accountable for protecting resident data. “

The money that Impact MHC has to pay to the Attorney General’s office will be used for state fees and attorney fees, the if necessary payment of restitution, and “future consumer fraud or enforcement.” for antitrust laws, consumer education or for public welfare purposes, ”according to the terms regulation.

from Colorado data security laws require individuals and organizations that hold personally identifiable information to create a policy governing the destruction of data. This type of data includes social security numbers, passwords, driver’s license numbers, etc.

Under applicable state law, individuals and entities must also take reasonable steps to protect the personal information of others and must notify customers or employees of security breaches. Colorado law generally requires companies to report a data breach no later than 30 days after it occurs, according to the Weiser office statement.

The Colorado General Assembly recently passed new legislation, Senate Bill 21-190, which would further regulate how companies protect personal data. The bipartisan team leading the legislation included Senator Robert Rodriguez, a Democrat from Denver, and Paul Lundeen, a Republican from Monument, as well as Representatives Monica Duran, a Democrat from Wheat Ridge, and Terri Carver, a Republican from Colorado Springs.

If Governor Jared Polis enacted SB-190, starting in 2023, consumers could opt out of their personal data being processed by a business and would have the right to access, correct or delete the data. Only two other states, California and Virginia, have passed similar laws.

The Colorado attorney general would have the power to write rules for companies to follow in order to comply with SB-190. The state attorney general or district attorneys could penalize companies that violate SB-190 requirements, using existing laws regarding deceptive marketing practices.


Leave A Reply

Your email address will not be published.