Strauss Borrelli PLLC, a leading data breach law firm, is investigating Keystone Pacific Property Management, LLC (“Keystone”) regarding its recent data breach. The Keystone data breach may have involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT KEYSTONE PACIFIC PROPERTY MANAGEMENT, LLC:
Keystone is a real estate and community association management firm based in California. Founded in 1982, Keystone specializes exclusively in the management of common interest developments, including planned unit developments, condominiums, mixed-use, commercial, and master-planned community associations.2 Accordingly, Keystone’s services include HOA management, onsite management, developer services, escrow services, and commercial property management.3 Headquartered in Irvine, California, Keystone has additional locations in California, Colorado, and Idaho, and employs over 200 individuals.
WHAT HAPPENED?
Recently, Keystone reported to the Attorney General of Vermont that it had experienced a data breach in which the sensitive personal information in its systems may have been compromised. According to the breach notice, on February 10, 2025, Keystone became aware of unusual activity that disrupted access to certain systems.1 As a result, Keystone launched an investigation to determine the nature of the incident.
Through its investigation, Keystone learned that sensitive personal information in its systems may have been accessed and acquired by an unauthorized third party between February 7 and February 10, 2025. As a result, Keystone began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On June 4, 2025, Keystone completed this review. The exact type of personal information potentially exposed has not been made publicly available by Keystone. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
As a result of the data breach, Keystone began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, Keystone is providing affected individuals with the specific type of information impacted and complimentary credit monitoring services. A link to the breach report filed by the Attorney General of Vermont is below.
If you received a breach notification letter from Keystone Pacific Property Management, LLC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.