OLD GREENWICH, Conn.--(BUSINESS WIRE)--Ellington Management Group, L.L.C. (“Ellington”) confirmed today that it detected a data incident on August 8, 2023, after which it issued notices about the incident to affected individuals and relevant agencies.
What Happened?
On August 8, 2023, Ellington detected suspicious activity within one of its email accounts. Ellington immediately took steps to address the situation and mitigate risk to its data, including changing passwords, notifying federal law enforcement, and engaging leading cybersecurity professionals for assistance.
Ellington’s investigation determined that between July 18, 2023 and August 8, 2023, an unauthorized actor had access to a single Ellington email account for the demonstrated purpose of sending phishing emails. Ellington analyzed the email account and did not find any evidence of any data being downloaded, emails being forwarded, or the account being synced to other systems. Out of an abundance of caution, Ellington analyzed all of the data in the email account to identify if any personal information was present so it could notify individuals as appropriate. There is currently no evidence that any information has been misused for identity theft or fraud in connection with the incident.
What Information Was Involved?
Ellington can confirm that the email account did not include any personal information related to Ellington’s clients or investors. Ellington determined that the following general categories of information may have been involved in the incident but are not relevant to every individual impacted: name, date of birth, Social Security number, medical information, and driver’s license number. In only three instances, non-Ellington financial account information may have been impacted.
What Ellington Management Group Is Doing.
Upon becoming aware of the incident, Ellington immediately worked with leading data privacy and security professionals to aid in its response and report the incident to relevant government agencies, federal law enforcement and affected individuals. Ellington also implemented additional security protocols designed to protect and improve its network, email environment, and systems, and is currently assessing the entirety of its information security program.
What Individuals Can Do.
Ellington encourages potentially-affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their free credit reports for suspicious activity and to detect errors.
Potentially-affected individuals can also enroll in the credit monitoring services that Ellington is offering at no cost. To help relieve concerns and restore confidence following this event, Ellington has secured the services of Kroll to provide identity monitoring. Kroll is a global leader in risk mitigation and response, and the Kroll team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Kroll’s identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
Potentially-affected individuals seeking additional information, including information about whether their Information was involved and their eligibility for complimentary credit monitoring, may call Kroll’s toll-free assistance line at (866) 983-4820 Monday through Friday from 9:00 am to 6:30 pm Eastern time (excluding U.S. holidays).
Other Important Information
Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Alternatively, affected individuals can contact the three major credit reporting bureaus directly at the addresses below.
Equifax |
Experian |
TransUnion |
1-888-298-0045 |
1-888-397-3742 |
1-833-395-6938 |
Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 |
Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 |
TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016 |
Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 |
Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 |
TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094 |
Moreover, information regarding identity theft, fraud alerts, security freezes, and the steps an individual can take to protect personal information may be obtained by contacting the consumer reporting agencies, the Federal Trade Commission, or the appropriate state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Individuals can obtain further Information on how to file such a complaint by calling 1-877-438-4338. Individuals should file a police report if they are a victim of identity theft or fraud. To file a report with law enforcement for identity theft, an individual will likely need to provide some proof that they have been a victim.