Skip to content
Adam Crowell Nov 3, 2022 1 min read

Ethos Group Notifies Dealerships and Consumers of Data Breach

According to a recent announcement by the Vermont Attorney General, Ethos Group is issuing data breach notifications related to the unauthorized access of consumer information between July 30, 2022 and July 31, 2022. The information included consumer names, driver license numbers, and dates of birth.

Based upon additional information that is being sent to dealerships with compromised consumer information from Ethos Group:

What Happened?

On August 1, 2022, we determined some consumer information was accessed in the evening of July 30, 2022 and early morning of July 31, 2022. The threat was automatically stopped by our cybersecurity monitoring systems.  We immediately launched an investigation with the assistance of cybersecurity specialists, to confirm the nature and scope of the activity. Our investigation showed the threat was the result of a third-party vendor’s software vulnerability. This investigation was completed on October 24, 2022 and confirmed that some consumers’ information was exposed.  

What Information Was Involved?

We confirmed the involved information included the consumer’s name, driver’s license number, and/or date of birth. 

What We Are Doing?

We responded by patching the vulnerability the same day. We have also implemented additional protections around the data that was accessed.  

We are mailing affected consumers a letter that explains what happened and ways to protect their information.  We have set up a toll-free telephone number for consumer questions.  No Dealership’s name was mentioned in the letter.

Read the template of the notification being sent to consumers below:

avatar

Adam Crowell

Adam is a partner at ComplyNet and a licensed practicing attorney with over 20 years of experience primarily representing dealerships, trucking companies, and auto auctions. His experience is that most regulatory fines and lawsuits are avoidable, but it takes proactive steps, the guidance of knowledgeable experts, and great systems to effectively mitigate these risks. Adam’s first-hand experience is that a company’s compliance efforts can be leveraged for significant insurance savings, and potentially used to win other business. Prior to joining ComplyNet, Adam served as general counsel to a data management company that provides information safeguarding and custom workflow solutions to the automotive industry. Adam has spoken on the local, state, and national levels, including presentations to the National Automobile Dealers Association (NADA), the National Independent Auto Dealers Association (NIADA), and the National Association of Dealer Counsel (NADC). Adam double majored in Economics and Religion at Denison University, and was elected into the honorary Order of the Curia for outstanding academics, character, and achievements at Capital University Law School