Cyber Incident Victim: Veris Residential
Date:
Feb 2023
Location:
United States of America
Summary
Veris Residential experienced a cybersecurity incident involving unauthorized access to sensitive consumer information, including names, Social Security numbers, financial account details, and driver's license numbers. The real estate investment trust confirmed the data compromise after investigating the breach and subsequently initiated notification procedures to inform affected individuals. The company did not publicly disclose additional specifics regarding the incident due to regulatory constraints in its Massachusetts filing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Veris Residential, Inc., a New Jersey-based real estate investment trust, experienced a cybersecurity incident compromising sensitive consumer data, leading to a formal notice filed with the Massachusetts Attorney General on February 28, 2023. The company identified unauthorized access to files containing names, Social Security numbers, financial account information, and driver’s license numbers during its investigation. Upon confirming the breach, Veris initiated a review of affected files to determine the scope of compromised data and specific individuals impacted. No public statements, press releases, or website notices were issued by the company at this stage due to Massachusetts data breach reporting laws restricting detailed disclosures. Veris completed data breach notification letters on the same day as its regulatory filing, distributing them to all victims whose personal information was exposed. The breach impacted an undisclosed number of consumers across Veris’ portfolio, which includes 71 properties spanning office buildings, apartment complexes, hotels, and mixed-use developments in New York and New Jersey.
The company operates with approximately 234 employees and generates $329 million in annual revenue, managing high-profile assets like 101 Hudson Street in Manhattan and Jersey City’s Harborside complex. While the exact method of unauthorized access, duration of the breach, and identity of threat actors remain undisclosed, the incident exposed personally identifiable information and financial data tied to consumers interacting with Veris’ services. No evidence suggested operational disruptions to the company’s physical properties or real estate management systems. The breach’s impact varied per victim, with some individuals experiencing exposure of multiple data categories. Veris’ response focused on regulatory compliance—fulfilling notification obligations under Massachusetts law—followed by direct communication with affected parties to alert them of potential fraud and identity theft risks. No subsequent remediation measures, such as credit monitoring services, were referenced in the available filing.