ConsumerMoneyScience and Tech


More than 90,000 Coloradans' personal data stolen in the past four months

AG's office says 33 organizations reported breaches
Posted at 6:38 PM, Feb 13, 2019
and last updated 2019-02-14 11:03:55-05

DENVER -- There's a good chance your data was stolen in 2018.

In fact, in the last four months since a new state law went into effect, more than 90,000 Coloradans have had their personal data stolen and 33 organizations have reported data breaches, according to the Colorado Attorney General's Office.

"It says that if you don't think your data has been accessed by bad people, you're not paying attention," said Colorado Attorney General Phil Weiser.

The updates to Colorado's Consumer Protection Act went into effect on Sept. 1, requires companies to report any data breaches to the state and notify consumers within 30 days if the attacks impacted more than 500 Coloradans.

"If you, as a consumer, suffer because your data has been released into the wrong hands you get to know about it," said Weiser.

Weiser, along with 30 attorneys general across the country, have recently signed a letter to the Federal Trade Commission (FTC) opposing any repeal or modifications of existing identify theft rules. The letter also asks the feds to put more protections in place for consumers.

"We're worried about an effort to undermine existing rules or just not keep them current enough because this is not a situation where people can just be complacent," said Weiser. "Sometimes people say, 'oh, this data breach law it could be a burden on businesses.'"

Best bets to protect your account

Security expert and Metro State Computer Science Professor Steve Beaty said you should give up as little information online as you can and memorize the answers to those security questions they ask you to fill out, in case you forget your password.

"The recommendation is: lie; never tell the truth on those security questions," said Beaty. "Don't tell them what your mother's maiden name is, anyone can find that out."

He also said you should use a unique password for every site your login into.

"Best practices these days is 20 characters - completely random password, which of course we're not going to remember, but we need to remember the one password that opens up our password manager or our password safe," explained Beaty.