Posted On April 29, 2023 Consumer Privacy & Data Breaches
April 29 – On April 26, 2023, Alvaria, Inc. filed a notice of data breach with the Massachusetts Attorney General, naming Carrington Mortgage Services (Carrington) in the report as the company that was breached. It was Carrington’s consumers whose information was involved in the breach. After it was determined that customer information had been compromised, Alvaria immediately began notifying all Carrington consumers who had been affected by the incident via letter.
Console & Associates, P.C.’s data breach lawyers are now looking into the incident. Those who have received a breach notification from Alvaria/Carrington Mortgage Services and are concerned about the possibility of identity theft, what they can do to protect themselves, and want to discuss legal options for receiving financial compensation are encouraged to take advantage of our free consultations.
Alvaria, Inc. is a business software organization that produces software that can track customer experiences and workforce engagement. It is the result of a merger between Noble Systems and Aspect Software. Based in Westford, Massachusetts, Alvaria employs over 2,000 people and generates approximately $423 million in revenue annually.
Carrington Mortgage Services has its headquarters in Anaheim, California, although it serves customers in all 50 states with its many mortgage options. Carrington Holding Company is a privately managed investment management firm that also owns Vylla Title, Vylla Escrow, and Vylla Home, all of which are subsidiaries of Carrington Mortgage Services. Since its inception in 2007, Carrington Mortgage Services has grown to employ over 2,716 individuals and produce yearly sales of over $1.2 billion.
What little is known at this time was gathered through a report made by Alvaria with the Massachusetts Attorney General. Carrington employs Alvaria as a vendor for a selection of outsourced services. Few details are provided in Alvaria’s filing, but the company did issue a data breach notice earlier this year that appears to cover the same ground.
On November 28, 2022, Alvaria was the subject of a Hive Ransomware assault, as stated in the company’s own data breach notice. In response, Alvaria locked down its systems, alerted the authorities, and initiated an investigation to determine the scope of the cyberattack and the data stolen. While Alvaria was looking into the matter, the ransomware group known as Hive released some information onto a site on the Dark Web. None of the stolen data belonged to customers or staff, but it did confirm the hack was real. As a result, Alvaria kept digging to find out what else could have been compromised in the breach.
Carrington is not mentioned at all in the data breach notice sent out by Alvaria. Even though it’s highly doubtful, it’s still conceivable that the data leak and the Carrington event are unconnected. In its most recent filing on behalf of Carrington, submitted by Alvaria, the corporation does not specify what information was compromised. However, the perpetrators of the ransomware attack on Alvaria gained access to sensitive data, including the Social Security numbers of Alvaria’s employees.
On April 26, 2023, Alvaria, acting on behalf of Carrington Mortgage Services, mailed data breach notification letters to all consumers whose data may have been exposed.
Ransomware is a type of malicious software that is installed on a company’s computer network by hackers during a cyberattack. Malware refers to software that encrypts data and prevents the firm from accessing its own network. Encryption is the process of encoding data so that only those with the means to decrypt it can access it.
The hackers send a note demanding payment in exchange for the release of the files, which is where the term “ransom” originates from. Payment will result in the decryption of all files and the cessation of the attack.
However, hackers’ threats have become more malicious lately. Having backups of files eliminates a major reason for a corporation to pay a ransom. As a result, “double extortion” has been used as a tactic by hackers. If the corporation does not pay, it will be posted on the dark web, where anybody may use the information to perpetrate fraud and identity theft.
With up-to-date and well-maintained data security measures, ransomware attacks may be avoided. By hunting out and taking advantage of weaknesses, hackers use outdated technology to their advantage. If their technology is up to date, businesses will be able to identify and block assaults before they even start.
The hackers behind the ransomware attack on Alvaria go by the name Hive Ransomware, and they’ve previously targeted firms in many nations. On January 26, 2023, the United States Department of Justice posted a notice on its website announcing that it had successfully disrupted and dismantled the Hive network.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Carrington Mortgage Services data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
Alvaria, Inc. (“Alvaria”) is a workforce management and call center technology solution company. We write to inform you about a recent incident experienced by Alvaria that may have involved some of your personal information, which came into our possession due to the services we provide [Redacted]. We are providing you with information about the incident and steps you can take to protect yourself, should you feel it necessary to do so.
What Information Was Involved. The personal information that was potentially exposed included your name, [Redacted].
What We Are Doing. Upon discovery of the incident, we immediately secured our networks, implemented measures to further improve the security of our systems, safely restored our systems and operations via viable backups, initiated an investigation of the incident with the assistance of forensic experts, and notified the Federal Bureau of Investigation (“FBI”). We also are notifying you so that you may take further steps to protect your information, should you feel it appropriate to do so. In addition, we are providing you with access to 24 months of credit monitoring and identity restoration services through Experian at no charge to you. You must enroll by July 31, 2023.
What You Can Do. Please review the enclosed “Steps You can take to Help Protect Your Information” which describes the services we are offering, how to activate them, and provides further details on how to protect yourself. We encourage you to remain vigilant against the potential for identity theft and fraud and to monitor your accounts and credit reports for any suspicious activity.
For More Information. We sincerely regret any inconvenience this incident may have caused you. If you have additional questions, you may call our dedicated assistance line [Redacted] (toll-free), Monday–Friday, from 9:00 a.m. to 11:00 p.m. Eastern Time, and Saturday–Sunday, 11:00 a.m. to 8:00 p.m. Eastern Time. Please be prepared to provide engagement number [Redacted].