Brandywine Breached: Philly CRE Firm Falls Victim To Cybersecurity Hack
One of Philadelphia’s largest commercial landlords has been hacked and files have been exposed in what is being described as a ransomware attack, new public documents show.
Brandywine Realty Trust experienced a third-party cybersecurity breach on May 1, according to a filing with the Securities and Exchange Commission.
The real estate investment trust’s report says certain files were “exfiltrated,” or taken from its system, and it is still investigating the extent of any sensitive information contained in its accessed systems, including any personal information. The breach interrupted operations and corporate functions.
The company activated its incident response plan, which includes deploying external cybersecurity experts and shutting down some systems. The REIT said the threat is contained, but it has launched an internal investigation.
Brandywine works with some of the biggest companies in the Northeast, including Spark Therapeutics, which has a location on a $3.5B campus in Philadelphia, along with dozens of other offices in Pennsylvania. Other large Brandywine tenants include IBM and Comcast, according to TechCrunch.
The company didn't respond to requests for comment from Bisnow by publication time, but it posted the following message on its website:
“Brandywine is committed to protecting company information as demonstrated by our Code of Business Conduct and Ethics and Insider Trading Policy. Maintaining a rigorous cybersecurity policy ensures we minimize any online risks to breaches of information.”
The public notice of the breach follows the 2024 rollout of an SEC rule that requires publicly owned companies to disclose what it deems to be “material” cyber incidents within 96 hours.
The company doesn't list a chief security officer on its website. Brandywine is steered by its board of trustees, most of whom have to remain independent, according to the company bylaws.
The Brandywine breach marks the latest cyberattack on the real estate industry, with title insurers a frequent target of bad actors over the past 12 months, according to HousingWire.
Title company First American was taken offline in December after a breach, the outlet reported. Hackers also targeted Florida-based Fidelity National Financial, the parent company of Chicago Title, in a November 2023 cyberattack, impacting its operations for at least a week and delaying several Chicago-area real estate deals.
Mortgage giant Mr. Cooper suffered a breach in October that exposed the details of about 14.6 million customers.