Confirms That Incident Did Not Result in Any Breach of Information Related to Ellington’s Clients or Investors
Ellington Management Group, L.L.C. (“Ellington”) confirmed today that it detected a data incident after which it issued notices about the incident to affected individuals and relevant agencies.
CIO INFLUENCE News: Foundry for AI by Rackspace Partners with Straits Interactive to Launch AI Data Protection Officer on Microsoft Azure OpenAI Service
What Happened?
On August 8, 2023, Ellington detected suspicious activity within one of its email accounts. Ellington immediately took steps to address the situation and mitigate risk to its data, including changing p********, notifying federal law enforcement, and engaging leading cybersecurity professionals for assistance.
Ellington’s investigation determined that between July 18, 2023 and August 8, 2023, an unauthorized actor had access to a single Ellington email account for the demonstrated purpose of sending phishing emails. Ellington analyzed the email account and did not find any evidence of any data being downloaded, emails being forwarded, or the account being synced to other systems. Out of an abundance of caution, Ellington analyzed all of the data in the email account to identify if any personal information was present so it could notify individuals as appropriate. There is currently no evidence that any information has been misused for identity theft or fraud in connection with the incident.
What Information Was Involved?
Ellington can confirm that the email account did not include any personal information related to Ellington’s clients or investors. Ellington determined that the following general categories of information may have been involved in the incident but are not relevant to every individual impacted: name, date of birth, S*********************, medical information, and driver’s license number. In only three instances, non-Ellington financial account information may have been impacted.
What Ellington Management Group Is Doing.
Upon becoming aware of the incident, Ellington immediately worked with leading data privacy and security professionals to aid in its response and report the incident to relevant government agencies, federal law enforcement and affected individuals. Ellington also implemented additional security protocols designed to protect and improve its network, email environment, and systems, and is currently assessing the entirety of its information security program.
CIO INFLUENCE News: IBM Expands Relationship with AWS to Bring Generative AI Solutions and Dedicated Expertise to Clients
What Individuals Can Do.
Ellington encourages potentially-affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their free credit reports for suspicious activity and to detect errors.
Potentially-affected individuals can also enroll in the credit monitoring services that Ellington is offering at n******. To help relieve concerns and restore confidence following this event, Ellington has secured the services of Kroll to provide identity monitoring. Kroll is a global leader in risk mitigation and response, and the Kroll team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Kroll’s identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
Potentially-affected individuals seeking additional information, including information about whether their Information was involved and their eligibility for complimentary credit monitoring, may call Kroll’s toll-free assistance line at (866) 983-4820 Monday through Friday from 9:00 am to 6:30 pm Eastern time (excluding U.S. holidays).
[To share your insights with us, please write to sghosh@martechseries.com]
