According to a recent announcement by the Vermont Attorney General, Ethos Group is issuing data breach notifications related to the unauthorized access of consumer information between July 30, 2022 and July 31, 2022. The information included consumer names, driver license numbers, and dates of birth.
Based upon additional information that is being sent to dealerships with compromised consumer information from Ethos Group:
What Happened?
On August 1, 2022, we determined some consumer information was accessed in the evening of July 30, 2022 and early morning of July 31, 2022. The threat was automatically stopped by our cybersecurity monitoring systems. We immediately launched an investigation with the assistance of cybersecurity specialists, to confirm the nature and scope of the activity. Our investigation showed the threat was the result of a third-party vendor’s software vulnerability. This investigation was completed on October 24, 2022 and confirmed that some consumers’ information was exposed.
What Information Was Involved?
We confirmed the involved information included the consumer’s name, driver’s license number, and/or date of birth.
What We Are Doing?
We responded by patching the vulnerability the same day. We have also implemented additional protections around the data that was accessed.
We are mailing affected consumers a letter that explains what happened and ways to protect their information. We have set up a toll-free telephone number for consumer questions. No Dealership’s name was mentioned in the letter.
Read the template of the notification being sent to consumers below: