Out-of-State Scammers Targeted: How Colorado is Expanding Its Criminal Reach

What This Bill Actually Does

Let's talk about how the justice system actually works when borders are involved. Currently, Colorado law dictates that a person can be prosecuted here if a crime is committed "wholly or partly" within the state. But historically, the statute only clearly defined the "result" of a crime happening in Colorado for one specific extreme: homicide. If a body is found within state lines, the law presumes the death occurred here. But what about the crimes most of us actually worry about on a daily basis—like fraud, identity theft, and hacking? If a cybercriminal sitting in a basement in Florida drains a bank account belonging to a retired teacher in Denver, defense attorneys have historically been able to argue that Colorado lacks jurisdiction. They could claim the actual criminal conduct—the keystrokes—happened down south, leaving local prosecutors with their hands tied.

HB26-1060 is designed to fix this glaring loophole by rewriting Section 18-1-201 of the Colorado Revised Statutes. It explicitly expands the legal definition of a crime's "result" to include any conduct that causes injury, loss, or damage to someone located in the state. Specifically, the bill gives Colorado jurisdiction if an out-of-state bad actor deprives a resident of a thing of value, violates their rights or privileges protected by law, cuts off their access to electronic information, or steals the victim's identity. This effectively brings our criminal code into the digital age, treating remote financial and digital harm exactly like physical harm.

Here is the most important provision in the entire bill: The legislation explicitly states that a person does not need actual knowledge that the victim is located in the state to be prosecuted here. This is a massive blow to the standard legal defense in digital fraud cases. If a hacker casts a wide net with a phishing scam or a ransomware attack and ends up ensnaring a Colorado business or resident, ignorance of state lines isn't a get-out-of-jail-free card. The official legislative declaration highlights that this expansion of jurisdiction is particularly vital for protecting Colorado's elderly population, who are disproportionately targeted by cross-border fraud schemes and desperately need the full authority of Colorado law behind them.

What It Means for You

If you have ever had your credit card skimmed by someone three time zones away, or watched an elderly relative fall victim to an elaborate phone scam, you already know how deeply frustrating the aftermath can be. You call the local police, and they often throw up their hands, explaining that the perpetrator is outside their jurisdiction. Meanwhile, federal agencies like the FBI generally only take on cases involving massive, multi-million-dollar operations. That leaves the average citizen stuck in a jurisdictional no man's land. This bill aims to bridge that exact gap. By giving your local District Attorney the clear, unquestionable legal authority to pursue these cases, the state is paving the way for actual accountability when an out-of-state bad actor steals your data or your hard-earned dollars.

For the average Colorado family, this legislation is fundamentally about identity theft, elder abuse, and digital security. While passing a law in Denver won't magically solve the logistical nightmare of physically catching international hackers, it absolutely removes the bureaucratic red tape that prevents local prosecution of stateside scammers. If an identity thief in Texas uses your social security number, Colorado courts will now view that crime as having occurred right here in your living room. If the bill passes, these new rules go into effect on July 1, 2026, applying to any offenses committed on or after that date.

What you should do right now:

• Lock down your digital footprint: Since this law signals a broader crackdown on remote identity theft, take five minutes today to freeze your credit with the major bureaus (Equifax, Experian, TransUnion).
• Talk to your aging relatives: They are the specifically stated focus of this bill. Make sure they understand how to spot modern phone, text, and email scams, and let them know that local law enforcement will soon have more teeth to fight for them.
• Share your story: Have you or your family been victims of out-of-state fraud? Contact the House Judiciary Committee and share your experience. Real stories from real Coloradans push common-sense bills like this across the finish line.

What It Means for Your Business

For business owners across Colorado, this legislation is a quiet but crucial upgrade to your legal toolkit. Think about the modern threat landscape your business faces every day: ransomware attacks locking up your customer database, vendor email compromise schemes that redirect your payments, and sophisticated wire fraud. Right now, if your Colorado-based company gets locked out of its own servers by an out-of-state hacker, getting local law enforcement to open a meaningful case is an uphill battle over jurisdiction. By adding the phrases "access to electronic information" and "things of value" directly into the state's jurisdictional statute, Colorado is officially clearing the path for local DAs to go after the people hurting your bottom line.

This is especially critical for industries that handle sensitive client data or large transactions—think real estate brokerages, accounting firms, medical practices, and general contractors managing heavy payrolls. If a bad actor intercepts a wire transfer meant for your suppliers, this bill means Colorado prosecutors can theoretically go to bat for you, regardless of where the thief was sitting when they hit "send." However, as a business owner, you cannot let this give you a false sense of security. Local police still have to actually catch these people. That means your business must have solid digital forensics in place when a breach happens so you can hand the DA a prosecuting package they can actually use in court.

Your action items for this week:

• Review your cyber liability insurance: Make sure your policy covers the costs of immediate forensic investigations. Local DAs will need undeniable proof to build a case against remote attackers, and you will need professionals to gather it.
• Update your incident response plan: If a breach happens after July 1, 2026, your local DA might actually want the evidence. Ensure your IT team knows exactly how to preserve server logs, IP addresses, and communication records without corrupting them.
• Brief your accounting team: Remind your staff about the dangers of wire fraud and compromised emails. Even with stronger laws, the best defense is never sending the money to the wrong person in the first place.

Follow the Money

You might reasonably expect that a bill expanding criminal jurisdiction to cover out-of-state actors would come with a hefty, multi-million-dollar price tag. However, the official fiscal note from Legislative Council Staff paints a surprisingly different picture, projecting minimal state revenue and expenditure impacts. Because HB26-1060 doesn't actually create any new crimes—it merely clarifies where existing crimes can be prosecuted—budget analysts anticipate only a slight bump in cases for the Judicial Department, public defenders, and the Department of Corrections. For the budget years FY 2026-27 and FY 2027-28, the official state expenditure is pegged at exactly $0.

But let's look at the reality on the ground. At the local level, District Attorneys and county law enforcement might see a marginal increase in their workload as they begin to take on remote fraud cases they previously would have declined or passed off. The fiscal note acknowledges this, noting that local governments may face increased expenditures depending on how aggressively courts and DAs pursue these cross-border cases. Essentially, the state is asking the existing justice system to cast a wider net to protect Coloradans, but it isn't handing out a bigger budget upfront to do so. Any future funding needs will have to be addressed through the annual budget process if the legal system gets bogged down.

Where This Bill Stands

HB26-1060 was introduced in the House on January 14, 2026, and was immediately assigned to the House Judiciary Committee. It recently saw its first major piece of action with a committee hearing dedicated to witness testimony and discussion on February 4, 2026.

Because this is a bipartisan, common-sense modernization of the law with basically zero upfront fiscal impact, it has a very strong trajectory and a high likelihood of sailing through the legislature. The lack of a required budget appropriation removes the biggest hurdle that typically kills good bills. Keep an eye out for an official committee vote in the coming weeks. If it passes the Judiciary Committee as expected, it will head to the House floor for a broader debate before crossing over to the Senate for final approval.