Cyber Incident Victim: Riverbay Corporation

On May 21, 2025, Riverbay Corporation identified unusual activity within its information technology network and immediately initiated steps to isolate and secure its systems. Following this detection, the company launched a formal investigation with the assistance of a third-party cybersecurity firm and concurrently notified appropriate law enforcement authorities. The investigation determined that an unauthorized party had gained access to the company's IT network and systems over a period spanning from April 21, 2025, to May 21, 2025. By June 2, 2025, the investigation concluded that the unauthorized party had accessed and/or acquired files from certain of the company's computer systems. The inquiry could not rule out that these files contained personal information pertaining to Co-op City shareholders and applicants, as well as current and former Riverbay employees. Furthermore, the incident potentially involved information related to residents of Co-op City if such data had been provided to Riverbay by the shareholder with whom they reside.

The potentially accessed or acquired information includes individuals' names, Social Security numbers, and bank account and routing numbers. Riverbay Corporation began providing notification letters to individuals whose information may have been involved on June 20, 2025. As part of its response, the company is offering complimentary memberships to credit monitoring services for these potentially affected individuals. A dedicated, toll-free incident response line was established to address questions, operating Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays. To help prevent a recurrence, Riverbay has implemented additional security measures to enhance network protection and is providing supplementary data security training for its employees.