Elmhurst Group, a real estate investment company based in Pittsburgh, Pennsylvania, recently disclosed a data breach to the Attorney General of Maine. The breach, discovered through an internal investigation, revealed that sensitive personal information within its IT systems may have been accessed and acquired by an unauthorized actor. Initial unauthorized activity was traced back to mid-May 2024, but due to an encryption event, the full scope of the breach was not confirmed until late July 2024. The compromised information potentially includes names, Social Security numbers, and other personal data, though specific details have not been fully disclosed.
The breach investigation revealed that the attackers may have accessed highly sensitive information such as government-issued ID numbers, biometric data, genetic information, and financial account details. Elmhurst Group has not publicly outlined all affected categories but acknowledged the possibility of diverse data exposure. The organization undertook a comprehensive review of its records to identify the impacted individuals and determine the extent of the breach. State reporting guidelines provide a broad definition of personal information, hinting at the possible scale of the exposed data.
On September 5, 2024, Elmhurst Group began notifying affected individuals through official data breach notification letters. The company is offering 24 months of complimentary credit monitoring services to help mitigate the potential risks to those impacted. Elmhurst emphasized its commitment to addressing the fallout from the breach and ensuring affected individuals receive support. It has engaged in compliance with state reporting requirements and is implementing measures to enhance its data security infrastructure moving forward.
Elmhurst Group, established in 1977, specializes in commercial real estate and hospitality investments. The company manages over three million square feet of property, including office, distribution, and hotel spaces, spread across 40 buildings on 21 sites. Known for its dedication to customer service and property management, Elmhurst employs over 10 individuals and continues to focus on maintaining the value of its holdings. Despite the breach, the company aims to reassure its stakeholders of its commitment to privacy and data protection.
Reference:
