Cyber Incident Victim: Centerspace
Date:
Nov 2021
Location:
United States of America
Summary
Centerspace experienced a data breach where an unauthorized party accessed sensitive consumer data, likely including personal identifiers and financial information, though specific compromised details were not publicly disclosed. Following a system disruption, the company secured its networks, engaged forensic investigators, and confirmed unauthorized access to files containing personal information; affected individuals were notified and offered complimentary credit monitoring services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Centerspace, LP, a real estate investment trust based in Minot, North Dakota, experienced a confirmed data breach after an unauthorized party accessed sensitive consumer data on its computer network. The incident began with a system disruption detected on November 11, 2021, which impaired the company's ability to access its own computer systems. Centerspace immediately secured its systems and engaged an independent digital forensics firm to investigate the nature and scope of the incident. By November 15, 2021, the investigation confirmed that an unauthorized actor had accessed company files containing personal consumer information. Centerspace subsequently reviewed the compromised files to identify specific data types exposed, completing this analysis on July 1, 2022, though it did not publicly disclose the exact categories of compromised information despite state reporting guidelines typically requiring notification for breaches involving Social Security numbers, driver's license numbers, financial account details, or medical records.
On July 14, 2022, Centerspace formally filed notice of the breach and dispatched data breach notification letters to affected individuals, offering 12 to 24 months of complimentary credit monitoring services. The company, formerly known as IRET until its December 2020 rebranding, manages apartment communities across multiple U.S. states and reported approximately $201 million in annual revenue with over 460 employees at the time of the breach. The unauthorized access occurred across the company's computer network, but Centerspace did not specify whether tenant records, financial systems, or employee data were primary targets. The forensic investigation confirmed the exposure of personal consumer data but did not quantify the number of affected individuals or properties. Centerspace maintained its NYSE listing under the ticker "CSR" throughout the incident, with no reported operational disruptions beyond the initial system inaccessibility. The breach letters constituted the primary communication to victims, as the company abstained from publishing detailed public disclosures about the compromised data types or the attacker's methods post-investigation.