On December 9, 2024, ArdyssLife discovered a data breach involving unauthorized access to customer information stored on servers managed by their third-party provider, Epic. The breach occurred between December 8 and December 9, 2024, when an intruder successfully installed malware on the servers, gaining access to sensitive customer data.
The compromised information potentially includes customers' first and last names, addresses, phone numbers, email addresses, Social Security numbers, and dates of birth. Banking information, including credit or debit card details, was not exposed in this incident.
On December 23, 2024, a threat actor with the username "0mid16B" posted claiming responsibility for the breach. The individual alleged possession of a database containing 1.17 million customer records from Ardyss digital and ArdyssLife.
The compromised database reportedly includes customer IDs, full names, emails, phone numbers, addresses, and passwords, totaling approximately 596 GB in size. The threat actor stated that the breach occurred on December 4, 2024, slightly earlier than the company's reported timeline.
The company officially notified affected customers on February 12, 2025. In total, ArdyssLife reported that 42,420 individuals in Texas alone were impacted by this breach, as disclosed on the Texas Attorney General's data security breach reports page. Additionally, the breach was disclosed to the California Attorney General's office on February 12, 2025, as documented in their official data breach disclosure.
Upon discovering the breach, ArdyssLife immediately engaged cybersecurity experts to remove the malware and secure the affected servers. The company is actively cooperating with federal and state authorities to investigate the breach further.
ArdyssLife advises affected customers to remain vigilant for suspicious activity related to their personal and financial accounts. Customers are encouraged to regularly monitor their financial statements and credit reports for unauthorized transactions or activities and promptly report any suspicious activity to their financial institutions.
Additionally, ArdyssLife recommends customers learn more about identity theft prevention and response by visiting California's privacy website.
Customers seeking further information or assistance can contact ArdyssLife directly via email at service@arydsslife.com.