Strauss Borrelli PLLC, a leading data breach law firm, is investigating Elmhurst Development LLC, which does business as Elmhurst Group, regarding its recent data breach. The Elmhurst Group data breach may have involved sensitive personal identifiable information belonging to an undetermined number of individuals.
ABOUT ELMHURST DEVELOPMENT, LLC D/B/A ELMHURST GROUP:
Elmhurst Group is a real estate investment company based in Pennsylvania. Founded in 1977, Elmhurst Group invests in commercial real estate and the hospitality industry, aiming to continually increase the value of each of its properties by providing dedicated management and customer service.3 Today, Elmhurst Group’s real estate holdings include 40 buildings on 21 sites, totaling more than three million square feet of office, distribution, flex, and hotel space.3 Headquartered in Pittsburgh, Pennsylvania, Elmhurst Group employs over 10 individuals.
WHAT HAPPENED?
Recently, Elmhurst Group reported to the Attorney General of Vermont that it had experienced a data breach in which the sensitive personal identifiable information in its systems may have been accessed and acquired. According to the breach notice, Elmhurst Group recently discovered unauthorized activity within its IT systems. As a result, Elmhurst Group launched an investigation to determine the nature of the incident.
Through its investigation, Elmhurst Group learned that sensitive personal information may have been compromised by an unauthorized actor as early as mid-May 2024. As a result, Elmhurst Group began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. Due to an encryption event, Elmhurst Group was unable to determine the scope of the unauthorized access until late July 2024. The exact type of personal information potentially exposed has not been made publicly available by Elmhurst Group. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
On September 5, 2024, Elmhurst Group began mailing data breach notification letters to impacted individuals. Based on the breach notices provided to the Attorney General of Vermont, Elmhurst Group is providing affected individuals with a list of the specific type of sensitive information impacted and 24 months of complimentary credit monitoring services. A link to the form breach notification letter that Elmhurst Group filed with the Attorney General of Vermont is below.
If you received a breach notification letter from Elmhurst Development, LLC d/b/a Elmhurst Group:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.