Cyber Incident Victim: Kimco Realty Corporation
Date:
Feb 2023
Location:
United States of America
Summary
A cyberattack targeting the IT network of Weingarten Realty Investors, an entity acquired by Kimco Realty Corporation, resulted in unauthorized access to sensitive personal information. The compromised data included names, dates of birth, Social Security numbers, health insurance details, bank account information, and driver’s license numbers belonging to current and former employees, their beneficiaries, and individuals with commercial ties to the organization. Following the breach, the company secured affected systems, engaged cybersecurity experts to investigate, and notified law enforcement before issuing data breach notifications to impacted parties. The incident exposed confidential consumer data, heightening risks of identity theft and fraud for those affected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 8, 2023, Weingarten Realty Investors, an information technology network operated by Kimco Realty Corporation following its acquisition of Weingarten, experienced a cyberattack. Kimco responded by securing and restoring affected systems, notifying law enforcement agencies, and engaging third-party cybersecurity specialists to investigate the incident. The investigation confirmed unauthorized actors accessed certain files on Weingarten’s IT network. Further analysis revealed these files contained confidential information belonging to current and former Weingarten employees, their beneficiaries, and individuals with commercial relationships with the company. Kimco completed its review of compromised data by April 14, 2023, when it filed breach notifications with the Attorneys General of Texas and Montana. The company determined exposed information included names, dates of birth, Social Security numbers, health insurance details, bank account information, and driver’s license numbers.
Kimco initiated direct notification letters to affected individuals on April 14, 2023, advising them of the breach’s scope and potential risks. The incident stemmed specifically from systems inherited through Kimco’s acquisition of Weingarten Realty Investors, a Houston-based real estate investment trust integrated into Kimco’s operations. No evidence suggested Kimco’s primary corporate network or its Jericho, New York headquarters systems were compromised. The breach impacted an undisclosed number of individuals associated with Weingarten’s pre-acquisition operations. As a publicly traded REIT with $1.7 billion annual revenue and 637 employees, Kimco focused remediation efforts on the acquired Weingarten infrastructure while maintaining normal operations across its portfolio of shopping centers and mixed-use assets. The company did not disclose technical details regarding the attack vector, duration of unauthorized access, or specific containment measures beyond system restoration and forensic review.