Data Breach Alert: Ethos Technologies, Inc. | Console and Associates, P.C.

Sam Fried


Recently, Ethos Technologies, Inc. confirmed that the company was the target of a sophisticated cyber attack. As a result of the attack, the names and driver’s license information of as many as 13,300 people were compromised. The data breach lawyers at Console & Associates, P.C. are actively investigating the security breach. As a part of this investigation, lawyers are interviewing those victims of the Ethos Technologies data breach who are interested in determining what harm was caused as a result of the incident and what their potential remedies may be. If it turns out that Ethos Technologies failed to adequately protect consumer data, affected parties may be able to bring a data breach class action lawsuit against the company.

Often, data breaches are the result of a hacker gaining unauthorized access to a company’s computer systems with the intention of obtaining sensitive consumer information. While no one can know the reason why a hacker targeted Ethos Technologies, Inc., it is common for hackers and other criminals to identify those companies believed to have weak data security systems or vulnerabilities in their networks.

Once a cybercriminal gains access to a computer network, they can then access and remove any data stored on the compromised servers. While, in most cases, a company experiencing a data breach can identify which files were accessible, there may be no way for the company to tell which files the hacker actually accessed or whether they removed any data.

While the fact that your information was compromised in a data breach does not necessarily mean it will be used for criminal purposes, being the victim of a data breach puts your sensitive data in the hands of an unauthorized person. As a result, you are at an increased risk of identity theft and other frauds, and criminal use of your information is a possibility that should not be ignored.

Given this reality, individuals who receive an Ethos Technologies data breach notification should take the situation seriously and remain vigilant in checking for any signs of unauthorized activity. Businesses like Ethos Technologies are responsible for protecting the consumer data in their possession. If evidence emerges that the company failed to adequately protect your sensitive information, you may be eligible for financial compensation through a data breach lawsuit.

What We Know So Far About the Ethos Technologies Breach

Ethos Technologies, Inc. (“Ethos,” “Ethos Technologies”) is a technology company based in San Francisco, California. The company is focused on making it easier for consumers to purchase life insurance policies. Ethos offers a new approach to shopping for life insurance, eliminating some of the common barriers that prevent many consumers from purchasing policies. Ethos Technologies, Inc. operates in some states as Ethos Life Insurance Services.

According to an official filing by the company, on January 22, 2022, Ethos learned that the online system it uses to write life insurance policies was targeted in a sophisticated cyberattack. The company investigated the incident, learning that an unauthorized party may have been able to obtain certain consumers’ driver’s license numbers between July 15, 2021 and January 12, 2022. However, to access this information, the unauthorized party would need to have already obtained a consumer’s name, address, date of birth, and state of issuance. Ethos notes that none of this information was available to the unauthorized party through its computer system, meaning the hacker would have needed to obtain it through another source.

On February 11, 2022, Ethos Technologies, Inc. began sending out data breach notification letters to all individuals affected by the breach.

What Are Consumers’ Remedies in the Wake of the Ethos Data Breach?

When customers decided to do business with Ethos Technologies, Inc., they assumed that the company would take their privacy concerns seriously. And it goes without saying that consumers would think twice before giving a company access to their information if they knew it wasn’t going to be secure. Thus, data breaches such as this one raise questions about the adequacy of a company’s data security system.

When a business, government entity, non-profit organization, school, or any other organization accepts and stores consumer data, it also accepts a legal obligation to ensure this information remains private. United States data breach laws allow consumers to pursue civil data breach claims against organizations that fail to protect their information.

Of course, given the recency of the Ethos Technologies, Inc. data breach, the investigation into the incident is still in its early stages. And, as of right now, there is not yet any evidence suggesting Ethos Technologies, Inc. is legally responsible for the breach. However, that could change as additional information about the breach and its causes is revealed.

If you have questions about your ability to bring a data breach class action lawsuit against Ethos Technologies, Inc., reach out to a data breach attorney as soon as possible.

What Should You Do if You Receive an Ethos Data Breach Notification?

If Ethos Technologies, Inc. sends you a data breach notification letter, you are among those whose information was compromised in the recent breach. While this isn’t a time to panic, the situation warrants your attention. Below are a few important steps you can take to protect yourself from identity theft and other fraudulent activity:

  1. Identify What Information Was Compromised: The first thing to do after learning of a data breach is to carefully review the data breach letter sent to you. The letter will tell you what information of yours was accessible to the unauthorized party. Be sure to make a copy of the letter and keep it for your records. If you have trouble understanding the letter or what steps you can take to protect yourself, a consumer privacy lawyer can help.

  2. Limit Future Access to Your Accounts: Once you determine what information of yours was affected by the breach, the safest play is to assume that the hacker orchestrating the attack stole your data. While this may not be the case, it’s better to be safe than sorry. To prevent future access to your accounts, you should change all passwords and security questions for any online account. This includes online banking accounts, credit card accounts, online shopping accounts, and any other account containing your personal information. You should also consider changing your social media account passwords and setting up multi-factor authentication where it is available.

  3. Protect Your Credit and Your Financial Accounts: After a data breach, companies often provide affected parties with free credit monitoring services. Signing up for the free credit monitoring offers some significant protections and doesn’t impact any of your rights to pursue a data breach lawsuit against the company if it turns out they were legally responsible for the breach. You should contact a credit bureau to request a copy of your credit report—even if you do not notice any signs of fraud or unauthorized activity. Adding a fraud alert to your account will provide you with additional protection.

  4. Consider Implementing a Credit Freeze: A credit freeze prevents anyone from accessing your credit report. Credit freezes are free and stay in effect until you remove them. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit. While placing a credit freeze on your accounts may seem like overkill, given the risks involved, it’s justified. According to the Identity Theft Resource Center (“ITRC”), placing a credit freeze on your account is the “single most effective way to prevent a new credit/financial account from being opened.” However, just 3% of data breach victims place a freeze on their accounts.

  5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach requires an ongoing effort on your part. You should regularly check your credit report and all financial account statements, looking for any signs of unauthorized activity or fraud. You should also call your banks and credit card companies to report the fact that your information was compromised in a data breach.

Below is the relevant portion of the initial data breach letter issued by Ethos Technologies, Inc. (the actual notice sent to consumers can be found here):

Dear [Consumer],

On behalf of Ethos Technologies Inc. (“Ethos”), we are writing to inform you of a recent security incident where unauthorized actors may have accessed your driver’s license number. While we have no evidence to suggest that your driver’s license number has been misused, we are notifying potentially affected individuals and are providing them the opportunity to enroll in free credit monitoring.

What Happened? Ethos offers life insurance policies through an online application process. On January 12, 2022, we learned that unauthorized actors had launched a sophisticated attack against our online insurance application flow to access certain persons’ driver’s license numbers. We immediately began an investigation and took prompt action to prevent any further unauthorized access to this information.

Based on our investigation, to obtain your driver’s license number, the unauthorized actors needed to already have the following information about you, which they obtained from other sources: first and last name, date of birth, residential address, and driver’s license state of issuance. They then entered this information into our online insurance application flow to exploit a feature that validates applicant driver’s license numbers through a third-party service. Next, the unauthorized actors used specialized web tools to access driver’s license numbers from the page source code of our website. Importantly, this information did not appear on the public-facing parts of our website. The unauthorized activity spanned from approximately July 15, 2021 through January 12, 2022.

What Information Was Involved? Your driver’s license number.

What We Are Doing. We notified federal law enforcement and took prompt action to prevent any further unauthorized access to driver’s license numbers. These measures included technical changes to our website’s page source code. We also engaged an independent forensic investigation firm to assist our investigation of and response to this incident. These measures are in addition to those we have regularly maintained, which include penetration testing by internal and external security experts, annual cyber security audits, and threat prevention and detection software.

What You Can Do. We have arranged for you, at your option, to enroll in a free two-year credit monitoring and identity theft protection service. We have engaged Experian® to provide you with its IdentityWorks℠ service, which includes credit monitoring, identity theft detection and resolution services, and up to $1 million of identity theft insurance. You must enroll by May 31, 2022 to activate this service by using the following activation code: ABCDEFGHI. This code is unique for your use and should not be shared. To enroll, visit https://www.experianidworks.com/credit or call (833) 671-0409. Please reference the following engagement number: B026792.

For More Information. For more information about this incident, or if you have questions or concerns, you may contact a dedicated team at (833) 671-0409 between the hours of 8 a.m. to 10 p.m. Central time, Monday through Friday (excluding major U.S. holidays), and from 10 a.m. to 7 p.m. Central time, on Saturday and Sunday.

For District of Columbia Residents: You may obtain information about avoiding identity theft from the District of Columbia Attorney General’s Office: Office of the Attorney General, 400 6th Street, NW, Washington, DC 20001, 202-727-3400, https://oag.dc.gov/.

For Maryland Residents: You may also obtain information about preventing and avoiding identity theft from the Maryland Office of the Attorney General: Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us.

For Massachusetts Residents: You have the right to obtain a police report.

For New York Residents: You may also obtain information about preventing and avoiding identity theft from the New York Attorney General’s Office: Office of the Attorney General, The Capitol, Albany, NY 12224-0341, 1-800-771-7755, https://ag.ny.gov/internet/privacy-and-identity-theft.

For North Carolina Residents: You may also obtain information about preventing and avoiding identity theft from North Carolina Attorney General’s Office: North Carolina Attorney General’s Office, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877-5-NO-SCAM, www.ncdoj.gov.

https://www.jdsupra.com/legalnews/data-breach-alert-ethos-technologies-inc-3197213/
