In a recent cybersecurity incident, Bull Stockwell & Allen Architects (BSA), an architecture firm based in San Francisco, California, experienced a data breach potentially exposing sensitive personal and health information. The breach, disclosed to the Attorney General of Massachusetts, occurred after BSA identified a network interruption on January 22, 2024, which led to an investigation into unauthorized access. BSA subsequently determined that an unauthorized actor may have viewed or taken personal information within its systems. As a result, the company conducted an in-depth data review to understand the scope of the incident and identify the individuals affected.
The compromised data varies by individual but reportedly includes personal identifiers and financial information. Specific details at risk may include names, Social Security numbers, addresses, dates of birth, contact information, driver’s license numbers, and passport numbers. Additionally, financial and tax details, such as W2 information, pay stubs, and Employment Authorization Document (EAD) card numbers, may also have been accessed. Certain medical records are included among the data that may have been compromised, although the exact nature of the medical information has not been disclosed publicly.
On July 11, 2024, BSA completed its data review, identifying affected individuals and determining the scope of the exposed information. The company then moved forward with notifying impacted parties, sending data breach notification letters to those affected beginning August 2, 2024. These letters informed recipients of the breach and included specific details about the types of information that were compromised in each case. To mitigate the potential impact of the breach, BSA has arranged for complimentary credit monitoring services for the affected individuals.
Founded in 1968, BSA has built a strong reputation in the fields of resort, recreation, and hospitality design, specializing in four-season hospitality and mountain resort projects. Headquartered in San Francisco with an additional office in Boston, Massachusetts, the firm employs over 20 professionals. In response to this incident, BSA has reviewed and fortified its security measures, aiming to safeguard its network against future cyber threats while continuing to support clients and protect sensitive data.
Reference: