Skip to Content
Colorado Attorney General

Phil Weiser

Colorado Attorney General

File A Complaint
  • About Us
    • Attorney General Bio & Photos
    • Vision & Values
    • Senior Staff & Organization
    • Colorado Attorney General Annual Report
    • Attorney General Opinions
    • Contact Our Office
  • Sections
    • Administration
    • Business & Licensing
    • Civil Litigation & Employment Law
    • Consumer Protection
    • Criminal Appeals
    • Criminal Justice
    • Natural Resources & Environment
    • Division of Community Engagement
    • Revenue & Utilities
    • State Services
  • Careers
    • Attorney & Other Non-Classified Positions
    • Fellowships
    • Internships
    • Classified Staff Positions
    • Other Opportunities to Join our Team
  • Media Center
    • Press Room
    • Colorado Open Records Act – CORA
  • Resources
    • Survivors of Childhood Sexual Abuse
    • Victim Assistance
    • Budget & Accounting
    • Colorado Privacy Act
    • Code of Colorado Regulations
    • Colorado Revised Statutes
    • Coronavirus Information
    • Data Protection Laws
    • Funding Opportunities
    • Office of Financial Empowerment
    • Student Loans
    • Transparency Online Project (TOPS)
  • Licensing
    • Business Resources
    • Collection Agencies & Debt Collectors
    • Colorado Uniform Consumer Credit Code: Licensing & Notification
    • Debt Management Services Providers
    • Health Club Bonds
    • Repossessors
    • Student Loan Servicers: Licensing
    • Telemarketing
  • Recursos en español

Colorado reaches agreement with Colorado-based construction company that failed to protect the data of nearly 2,000 people

Nov. 8, 2021 (DENVER) — Attorney General Phil Weiser today announced Colorado-based SEMA Construction will update its data security practices and pay more than $63,000 after it failed to protect the personal information of nearly 2,000 Colorado employees and residents.

Colorado law requires companies that maintain sensitive personal information to take reasonable steps to protect information, to dispose of it when it is no longer needed, and to notify Colorado residents promptly when their information is at risk of being misused by unauthorized third parties.

“Both Coloradans and Colorado companies should know we are committed to ensuring personal information is protected,” Weiser said. “Cybercrime and identity theft threaten the wellbeing of all residents, and we must hold businesses accountable to lawfully safeguarding sensitive information.”

SEMA violated Colorado data security laws when it failed to maintain reasonable security practices and notify Colorado residents of a 2018 data breach in a timely manner.

When SEMA was the target of a phishing attack in October 2018, the company did not have a data disposal policy. SEMA employees had stored personal information, such as Social Security numbers, bank account or routing numbers, and driver’s license numbers, in their employee email accounts for as long as 20 years. The company failed to account for this risky practice and did not take a comprehensive approach to information security, as it should have, given its size and the nature of the information it maintained.

When SEMA discovered the phishing attack impacted employees’ email accounts nearly a year later, the company was unprepared to notify impacted Coloradans of the breach. Although the company learned of the breach in 2019, SEMA didn’t notify some employees of the breach until Oct. 1, 2020. Other employees weren’t notified until Dec. 30, nearly 16 months after the company discovered the phishing attack.

In the settlement, the company agreed to update its security practices by maintaining an incident response plan, an information security plan, and an information disposal policy. SEMA will also submit reports to the Department of Law to ensure it complies with Colorado law to protect personal information of its clients and employees in the future.

Click here to learn more about Colorado’s data protection laws.

###

Media Contact
Lawrence Pacheco
Director of Communications
(720) 508-6553 office | (720) 245-4689 cell
Lawrence.pacheco@coag.gov

Click here to learn about Colorado’s data protection laws →

Most Recent

Colorado Springs woman charged with stealing $240K from Medicaid in fraudulent billing

May 19, 2022 (DENVER)—Attorney General Phil Weiser today announced that the Colorado Department of Law has filed charges against a Colorado Springs woman for submitting Medicaid claims and being paid for psychological testing services that never happened. An investigation by […]

Colorado Unify Challenge brings together hundreds of Coloradans, inspires hope for the future of the state

99% of Participants Would Recommend the Experience to Family and Friends May 17, 2022 (DENVER) – Over the course of three days in late April, The Colorado Unify Challenge took place, bringing together hundreds of Coloradans from every corner of […]

Comcast customers able to save money on HD television service under agreement with Colorado Attorney General’s Office

May 13, 2022 (DENVER)—Approximately 40,000 Comcast customers can switch without penalty to a new plan that does not include a monthly $9.95 fee for high-definition television service under an agreement Attorney General Phil Weiser announced today. In the early 2000s, […]

Office of the Attorney General
Colorado Department of Law
Ralph L. Carr Judicial Building
1300 Broadway, 10th Floor
Denver, CO 80203

(720) 508-6000

Contact the Office of the Attorney General

Contact

Facebook
Twitter