Dive Brief:
- Apartment owner and developer Rockrose Development Corp. recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information, according to a letter posted to its website on Dec. 12.
- The security breach occurred on July 4 and affected 47,392 people, according to a data breach notification submitted to Maine’s attorney general’s office. Rockrose discovered the issues on Nov. 14.
- Rockrose determined that personally identifiable information for some individuals may have been impacted, which could indicate that the hackers accessed some sensitive areas of the network. That information could include name, Social Security number, taxpayer identification number, driver’s license number, passport number, bank account and routing numbers, health insurance information, medical information and online account credentials.
Dive Insight:
Rockrose, which was founded in 1970, has acquired, developed or repositioned nearly 6 million square feet of office space and approximately 15,000 residential apartments in New York and Washington, D.C., according to its website.
The New York City-based apartment firm launched an investigation into the breach, according to its letter. Since the incident, Rockrose said it has implemented additional cybersecurity safeguards and is working with internal and external experts to improve the security of its systems.
The firm could potentially face lawsuits as a result of the hack, according to Nicholas Migliaccio, a founding partner of Washington, D.C.-based law firm Migliaccio & Rathod.
“Often, in the wake of notice letters, cases get filed very quickly,” he told Multifamily Dive.
In some cases, multiple law firms file complaints on behalf of those who say they’ve been harmed by the breach. “Cases will get consolidated in some fashion and organized in a way that they can proceed,” Migliaccio said.
Usually, the defendant will file a motion to dismiss, challenging or testing the allegation in the complaint. If the judge denies that motion, settlements often ensue, according to Migliaccio. If not, cases could stretch for a couple of years.
“[The defendant] will weigh the risk of proceeding to trial,” Migliaccio said.
While data breach cases can have a number of possible outcomes, Migliaccio said hacking cases aren’t going away. “They seem to be continuing at a high,” he said. “I’m not sure I’ve seen a change recently.”
Other housing firms have been victims of hacking over the years. In October 2023, Miami-based homebuilder Lennar, the parent company of Quarterra, experienced a cybersecurity breach involving access to customers’ personal information, according to a notification submitted by Lennar to California’s Department of Justice.
The company detected unauthorized activity in its computer systems on July 20, 2023, and said it believes a third party obtained access to the information earlier that month. The names and Social Security numbers of 7,448 Lennar customers were exposed in the breach, according to a filing with the Maine Attorney General.