Ethos Group, Inc. is a financer and servicer of auto loans, says the complaint for this class action. As such, it maintains a good deal of personally identifiable information (PII). But Ethos, like all too many companies these days, has experienced a data breach, because, the complaint alleges, of its “negligent or careless acts and omissions” and its failure to protect the information it stores.
The class for this action is all individuals living in the US whose PII was accessed or acquired by an unauthorized party as a result of the data breach reported by Ethos on or around November 2, 2022.
Ethos promised to protect the PII it was given, the complaint alleges, saying in its privacy policy that it “secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.”
Nevertheless, Ethos found suspicious activity in its system on August 1, 2022, the complaint alleges, and later determined, as quoted by the complaint, that “some consumer information was accessed between July 30, 2022 and July 31, 2022,” including PII. The information included names and driver’s license numbers, and the complaint alleges that 822,000 individuals were affected.
“By obtaining, collecting, using, and deriving a benefit from the PII” of these people, the complaint alleges, Ethos “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.” The complaint alleges that the information was “unencrypted, unredacted” and that Ethos failed to protect it.
The complaint claims that Ethos’s Notice Letter did not provide enough information: “Omitted from the Notice Letter were the details of the root cause of the Data Breach, the vulnerabilities exploited, whether [Ethos’s] system is still unsecured, why it took over three months to inform impacted individuals after [Ethos] first detected the Data Breach, and the remedial measures undertaken to ensure such a breach does not occur again.”
The complaint lists measures the company should have taken to protect the information, as recommended by the US Government, the US Cybersecurity & Infrastructure Security Agency, and the Microsoft Threat Protection Intelligence Team.
“Because a person’s identity is akin to a puzzle with multiple data points,” the complaint claims, “the more accurate pieces of data an identity thief obtains about a person, the easier it is for the thief to take on the victim’s identity or track the victim to attempt other hacking crimes… For example, the complaint claims, thieves can use names and dates of birth with a technique called social engineering to get even more information, such as login information or a Social Security number.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Ethos Group Data Breach Complaint
December 23, 2022
Ethos Group, Inc. is a financer and servicer of auto loans, says the complaint for this class action. As such, it maintains a good deal of personally identifiable information (PII). But Ethos, like all too many companies these days, has experienced a data breach, because, the complaint alleges, of its “negligent or careless acts and omissions” and its failure to protect the information it stores.
Ethos Group Data Breach ComplaintCase Event History
Ethos Group Data Breach Complaint
December 23, 2022
Ethos Group, Inc. is a financer and servicer of auto loans, says the complaint for this class action. As such, it maintains a good deal of personally identifiable information (PII). But Ethos, like all too many companies these days, has experienced a data breach, because, the complaint alleges, of its “negligent or careless acts and omissions” and its failure to protect the information it stores.
Ethos Group Data Breach Complaint