Posted On December 23, 2022 Consumer Privacy & Data Breaches
December 23, 2022 – Ethos Technologies, Inc. filed a notice of a data breach with the Montana Office of Consumer Protection, a division of the Attorney General of Montana’s office, on December 21, 2022 after learning that an unauthorized party could access consumer information stored in its computer network.
According to the filing, an unauthorized party gained access to consumers’ Social Security numbers. Once it was confirmed that there was a data leak, Ethos sent out notification letters to all individuals affected by the data security breach.
Ethos Technologies is in the business of selling life insurance, and, therefore, collects and stores consumer information in their systems. They also make millions in revenue every year. A company handling such sensitive information should take their security very seriously. That may not have been the case. As a consumer, there isn’t much you can do to protect your information once it is in the hands of a company like Ethos. Therefore, they are the line of defense against hackers. If it is discovered that the company has been negligent in their responsibilities to protect consumer information, you may be able to pursue a data breach lawsuit.
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from Ethos Technologies, Inc., contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Ethos is a life insurance company that provides many coverage options, such as whole and term life policies. The consumer information that they require their applicants to provide is full name, Social Security numbers, current prescription information, and medical history. Ethos is a third-party administrator and offers policies through Legal & General America. Originally founded in 2016 in Austin, Texas, Ethos Technologies, Inc. now employs over 400 people. It generates approximately $373 million in revenue annually.
According to its filing with the Montana Attorney General, Ethos determined that it had experienced a cyberattack on December 8, 2022. The company does not reveal further details on the incident. What we know is that hackers obtained consumer information from other sources and entered it into Ethos’ applications. A third-party service then provided those consumers’ Social Security numbers.
Ethos notified the Federal Bureau of Investigation and made changes to its site to prevent similar attacks. The company then conducted an investigation into the attack to determine what information was made available. The company confirmed that consumers’ Social Security numbers were accessed between August 4, 2022 and December 9, 2022.
On December 21, 2022, Ethos sent out letters to all individuals whose sensitive information had been compromised.
Per the Montana Attorney General, the data breach affected 168 victims in Montana alone, though the total number is unknown. According to Ethos, the majority of breach victims were not Ethos customers.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Ethos Technologies, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter that Ethos sent to individuals affected by the data breach:
Dear [Redacted],
On behalf of Ethos Technologies Inc. (“Ethos”), we are informing you of a recent cyberattack in which unauthorized third-party actors may have accessed your Social Security number (“SSN”). We are offering you two years of free credit monitoring, identity theft protection services, and up to $1 million of identity theft insurance through Experian®.
What Happened? Ethos offers life insurance policies through an online application process. On December 8, 2022, we learned that unauthorized actors had launched a sophisticated and successful cyberattack against our website to access certain persons’ SSNs. We immediately investigated the incident and made a series of technical changes to our website to prevent further unauthorized access to SSNs. The vast majority of people affected by this incident were not existing Ethos customers.
To access SSNs, the unauthorized actors entered information they had obtained about you from other sources—first and last name, date of birth, and address—into our online insurance application flow. This caused a third-party integrated service to return your SSN to the page source code on our website. Then, the unauthorized actors used specialized tools to extract SSNs from the page source code of our website. Importantly, these SSNs did not appear on the public-facing application page of the site. The incident spanned from approximately August 4, 2022 through December 9, 2022.
What Information Was Involved? Social Security number.
What We Are Doing. We notified the FBI and made a series of technical changes to the software code of our website. The changes are designed to prevent further unauthorized access to SSNs. We also engaged an independent forensic investigation firm to assist with our investigation of and response to the incident. In addition, we regularly conduct penetration testing, undergo annual cyber security audits, and use threat prevention and detection software.
What You Can Do. You can enroll in free two-year credit monitoring and identity theft protection services provided by Experian®. We have engaged Experian® to provide you with its IdentityWorksSM service, which includes credit monitoring, identity theft detection and resolution services, and up to $1 million of identity theft insurance. You must enroll by May 31, 2023 and provide this activation code: [Redacted]. This code is unique to you and should not be shared. To enroll, visit [Redacted] or call (800) 960-1799.
Please reference the following engagement number: [Redacted].
