On August 29, 2022, Ellington Management Group, LLC reported a data breach with the Montana Attorney General after the company learned that an unauthorized party had gained access to two employee email accounts. According to Ellington, the breach involved mortgage holders’ names, Social Security numbers, driver’s license numbers, electronic signatures, credit card numbers, dates of birth, bank or financial account numbers, and other information you may have provided in connection with your mortgage loan. After confirming the breach and identifying all affected parties, Ellington Management Group began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Ellington Management Group data breach, please see our recent piece on the topic here.
What We Know About the Ellington Management Group Data Breach
The information about the Ellington Management Group, LLC data breach comes from the company’s official filing with the Montana Attorney General’s office. According to this source, on about February 24, 2022, Ellington became aware of two compromised employee email accounts. The employees whose email accounts were subject to unauthorized access may have had access to your personal information in connection with the sale or potential sale of mortgage loans.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Ellington Management Group began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. Ellington completed this review on July 15, 2022. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, electronic signature, credit card number, date of birth, bank or financial account numbers, and other information you may have provided in connection with your mortgage loan.
On August 29, 2022, Ellington Management Group sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Ellington Management Group, LLC
Founded in 1994, Ellington Management Group, LLC is a registered investment adviser based in Old Greenwich, Connecticut. Through its affiliates, the company manages a variety of investment funds, including Ellington Financial. Ellington Management Group employs more than 25 people and generates approximately $103 million in annual revenue.
How to Protect Yourself After a Data Breach
For those who have not experienced identity theft before, it is easy to assume that the harms of a data breach may be all that bad. However, if a hacker uses your information to steal your identity or commit other frauds in your name, resolving the situation can be time-consuming, stressful and costly. In fact, according to some estimates, it costs the average data breach victim more than $1,300 to resolve a case of identity theft and takes up to 200 hours to do so. This is hardly a minor inconvenience.
After a hacker obtains your information in a data breach, they typically act quickly, opening up new accounts in your name or filing a tax return on your behalf to obtain your tax refund. Of course, if you receive notice of the breach in a timely manner, it may give you time to reduce the risk of fraud by taking certain steps to protect yourself.
Below are some of the most important steps to take after any data breach. However, depending on the type of information that was leaked, you may need to take additional action.
Closely read the data breach letter to identify what information was leaked;
Report the breach to your banks and credit card companies;
Close any bank accounts or credit card accounts if your account numbers were compromised;
Enroll in free credit monitoring, which is usually provided by the company that leaked your information;
Contact one of the three major credit bureaus to place a fraud alert or credit freeze on your credit account; and
Maintain a close eye on your bank and credit card accounts for any signs of fraud.
By taking these steps, you can greatly reduce the chance of falling victim to identity theft or other fraud. Of course, the burden to prevent fraudulent use of your information should fall on your shoulders. And sometimes, despite taking all available precautions, victims of a data breach still experience identity theft. In these situations, it is important that you understand their rights. The United States data breach laws allow victims to bring a data breach class action lawsuit against a company that negligently leaked their information. However, these cases are complex, and those with questions about what to do after a data breach or what rights they have against a company should reach out to a data breach lawyer.