In August 2020, FPI Management Inc. suffered a cyberattack where unauthorized parties accessed sensitive resident data, including names, addresses, Social Security numbers, driver’s license numbers, passport numbers, financial account details, and medical information in some cases. The breach exposed current and former residents of managed properties to identity theft risks, leading to a class action lawsuit alleging violations of California’s Consumer Privacy Act and Customer Records Act. Affected individuals could claim reimbursements (up to $4,250) for out-of-pocket expenses, lost time, and identity theft losses, alongside two years of free credit monitoring. The settlement fund covered administrative costs, legal fees, and payouts, with FPI denying liability but opting to settle to avoid prolonged litigation. The incident underscored failures in data protection protocols, resulting in prolonged financial and reputational harm for impacted residents.
Source: https://www.claimdepot.com/settlements/fpi-data-incident
TPRM report: https://www.rankiteo.com/company/fpi-management-inc-
"id": "fpi4262242091125",
"linkid": "fpi-management-inc-",
"type": "Cyber Attack",
"date": "8/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former residents of '
'FPI-managed properties (exact '
'number unspecified)',
'industry': 'Real Estate / Property Management',
'location': 'United States',
'name': 'FPI Management Inc.',
'type': 'Property Management Company'}],
'customer_advisories': 'Eligible individuals instructed to submit claims by '
'Nov. 6, 2025 for compensation (up to $4,250) and '
'credit monitoring services',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes (names, SSNs, '
'driver’s licenses, '
'passports, addresses)',
'sensitivity_of_data': 'High (includes SSN, financial, and '
'medical data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information',
'Medical Information (partial)']},
'date_detected': '2020-08-14',
'description': 'FPI Management Inc. experienced a cyberattack in August 2020 '
'where unauthorized parties accessed files containing '
'sensitive personal information of current and former '
'residents of properties managed by the company. The '
'compromised data included names, addresses, Social Security '
'numbers, driver’s license numbers, passport numbers, '
'financial account information, and, in some cases, medical '
'information. This led to a class action lawsuit alleging '
'failure to protect personal information, resulting in a '
'settlement agreement offering financial compensation and '
'credit monitoring services to affected individuals.',
'impact': {'brand_reputation_impact': 'Significant (led to lawsuit and '
'settlement)',
'customer_complaints': 'Class action lawsuit filed',
'data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Driver’s license numbers',
'Passport numbers',
'Financial account information',
'Medical information (in some cases)'],
'financial_loss': {'claimant_compensation': {'california_cash_payment': '$100 '
'per '
'eligible '
'claimant',
'extraordinary_expenses': 'Up '
'to '
'$4,250 '
'for '
'identity '
'theft '
'losses',
'ordinary_expenses': 'Up '
'to '
'$400 '
'(including '
'$60 '
'for '
'time '
'spent)'},
'settlement_fund': {'attorneys_fees': 'Up to '
'$297,000',
'claimant_payouts': 'Determined '
'by '
'number '
'and '
'type '
'of '
'claims',
'credit_monitoring_costs': 'Determined '
'by '
'number '
'of '
'claims',
'service_award': 'Up to '
'$5,000'}},
'identity_theft_risk': 'High (documented cases traceable to the '
'breach)',
'legal_liabilities': ['Class action lawsuit',
'Alleged violations of California Consumer '
'Privacy Act and Customer Records Act'],
'payment_information_risk': 'Yes (financial account information '
'exposed)'},
'initial_access_broker': {'high_value_targets': 'Resident PII and financial '
'data'},
'investigation_status': 'Settled via class action (final approval pending as '
'of 2025)',
'post_incident_analysis': {'corrective_actions': 'Settlement agreement '
'(financial compensation, '
'credit monitoring); no '
'technical remediation '
'details provided',
'root_causes': 'Alleged failure to protect '
'personal information (specific '
'technical root causes '
'undisclosed)'},
'ransomware': {'data_exfiltration': 'Yes (data accessed and exfiltrated)'},
'references': [{'source': 'Class Action Settlement Notice (Archibeque v. FPI '
'Management)'},
{'source': 'Settlement Administrator: Archibeque v. FPI '
'Management Settlement c/o Claims Administrator'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit (settled)',
'regulations_violated': ['California Consumer '
'Privacy Act (CCPA)',
'California Customer '
'Records Act']},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals; settlement claims '
'process established',
'recovery_measures': 'Settlement agreement including financial '
'compensation and credit monitoring'},
'stakeholder_advisories': 'Notification letters sent to affected residents; '
'settlement claims process communicated via mail '
'and online',
'threat_actor': 'Unauthorized parties',
'title': 'FPI Management Inc. Data Breach (August 2020)',
'type': ['Data Breach', 'Cyberattack']}