Ethos Technologies Hit with Class Action Over Months-Long Data Breach
by Erin Shaak
Last Updated on January 16, 2023
Dibisceglia v. Ethos Technologies, Inc.
Filed: January 11, 2023 ◆§ 3:23-cv-00133
Ethos Technologies faces a class action lawsuit over a “widespread” data breach that reportedly exposed customers’ names and Social Security numbers.
California
Ethos Technologies, Inc. faces a proposed class action lawsuit over a “widespread” data breach that reportedly exposed customers’ names and Social Security numbers.
The 43-page lawsuit claims the life insurance provider failed to implement adequate data security practices and policies and essentially left customers’ sensitive information “in a condition vulnerable to cyberattacks.”
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Per the case, Ethos announced in late December 2022 that “malicious actors” had gained access to its network through the company’s third-party integrated service provider, Guidewire, and extracted customers’ full names and Social Security numbers in a data breach spanning August 4 through December 9, 2022.
As explained in the defendant’s December 21 data breach notice, the unauthorized actors used customer information obtained from other sources, particularly their names, dates of birth and addresses, and entered it into Ethos’ online insurance application. Per the suit, Guidewire’s integrated service then returned each customer’s Social Security number in the page’s source code, from which the hackers “used specialized tools” to extract the sensitive data.
The lawsuit alleges that although the improper disclosure of customers’ sensitive information was “a known risk” to Ethos, the company failed to take reasonable steps to protect the data and left it “in a dangerous condition” in an unencrypted, internet-accessible environment. Moreover, Ethos allegedly failed to properly monitor its computer network, IT systems and integrated service to timely detect any unauthorized access.
Per the case, the defendant’s notice to data breach victims was “unreasonably delayed,” coming almost five months after the breach initially began and nearly two weeks after Ethos concluded its investigation.
The lawsuit alleges that Ethos’ “negligent” conduct has put data breach victims at an increased risk of identity theft and fraud given their personally identifiable information “is now in the hands of malicious cybercriminals.”
Indeed, the plaintiff, a Florida resident, says she has already experienced over $7,000 of fraudulent credit card charges and several attempts by identity thieves to open new credit cards under her name.
“[The plaintiff] has taken significant efforts to remedy her credit file as a result of the Data Breach,” the lawsuit states.
The case looks to represent anyone identified by Ethos or its agents or affiliates as being among the individuals who were impacted by the data breach, including those who were sent a notice.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.