Fulcrum Real Estate Services Inc.: Fulcrum Real Estate data breach exposes Social Security numbers

Fulcrum Real Estate Services Suffers Ransomware Attack, Exposing Social Security Numbers

Fulcrum Real Estate Services Inc., a property management company based in Tacoma and Tumwater, Washington, disclosed a ransomware attack that compromised sensitive personal data. The breach was first detected on March 9, 2026, when suspicious activity was identified on the company’s Egnyte cloud-based file-sharing platform.

An investigation revealed that unauthorized access to files occurred on the same day, with a subsequent review confirming on May 5, 2026, that exposed data included first and last names and Social Security numbers. The extent of compromised information may vary by individual.

On April 29, 2026, the ransomware group INC RANSOM claimed responsibility, posting on the dark web that it had exfiltrated two terabytes of data from Fulcrum.

In response, Fulcrum engaged cybersecurity experts to assess the breach, implemented additional security measures, and reported the incident to the FBI. The company is offering affected individuals complimentary identity protection services, including credit monitoring, dark web monitoring, and identity theft recovery, through IDX. Enrollment requires a unique code provided in notification letters, with a deadline of August 29, 2026.

The breach was formally disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation, which identified two state residents among those impacted.

Source: https://www.claimdepot.com/data-breach/fulcrum-real-estate-services-2026

Fulcrum Real Estate Services, Inc. cybersecurity rating report: https://www.rankiteo.com/company/fulcrumre

"id": "FUL1780518307",
"linkid": "fulcrumre",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'At least 2 state residents '
                                              '(Massachusetts)',
                        'industry': 'Real Estate',
                        'location': 'Tacoma and Tumwater, Washington, USA',
                        'name': 'Fulcrum Real Estate Services Inc.',
                        'type': 'Property Management Company'}],
 'attack_vector': 'Cloud-based file-sharing platform (Egnyte)',
 'customer_advisories': 'Complimentary identity protection services (credit '
                        'monitoring, dark web monitoring, identity theft '
                        'recovery) through IDX. Enrollment deadline: August '
                        '29, 2026.',
 'data_breach': {'data_exfiltration': '2 terabytes of data',
                 'personally_identifiable_information': 'First and last names, '
                                                        'Social Security '
                                                        'numbers',
                 'sensitivity_of_data': 'High (Social Security numbers)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2026-03-09',
 'date_publicly_disclosed': '2026-05-05',
 'description': 'Fulcrum Real Estate Services Inc., a property management '
                'company based in Tacoma and Tumwater, Washington, disclosed a '
                'ransomware attack that compromised sensitive personal data. '
                'The breach was first detected on March 9, 2026, when '
                'suspicious activity was identified on the company’s Egnyte '
                'cloud-based file-sharing platform. Unauthorized access to '
                'files occurred on the same day, with a subsequent review '
                'confirming on May 5, 2026, that exposed data included first '
                'and last names and Social Security numbers. The ransomware '
                'group INC RANSOM claimed responsibility on April 29, 2026, '
                'posting on the dark web that it had exfiltrated two terabytes '
                'of data from Fulcrum.',
 'impact': {'data_compromised': 'First and last names, Social Security numbers',
            'identity_theft_risk': 'High',
            'systems_affected': 'Egnyte cloud-based file-sharing platform'},
 'initial_access_broker': {'entry_point': 'Egnyte cloud-based file-sharing '
                                          'platform'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'source': 'Incident disclosure by Fulcrum Real Estate '
                           'Services Inc.'}],
 'regulatory_compliance': {'regulatory_notifications': 'Massachusetts Office '
                                                       'of Consumer Affairs '
                                                       'and Business '
                                                       'Regulation'},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'individuals, disclosure to '
                                        'Massachusetts Office of Consumer '
                                        'Affairs and Business Regulation',
              'law_enforcement_notified': 'FBI',
              'remediation_measures': 'Additional security measures '
                                      'implemented',
              'third_party_assistance': 'Cybersecurity experts'},
 'threat_actor': 'INC RANSOM',
 'title': 'Fulcrum Real Estate Services Suffers Ransomware Attack, Exposing '
          'Social Security Numbers',
 'type': 'Ransomware'}

Fulcrum Real Estate Services Inc.: Fulcrum Real Estate data breach exposes Social Security numbers

Evanston Township High School: ETHS: Still trying to determine scope of breach

DTG Consulting Solutions and Inc.: DTG Consulting Solutions Data Breach Lawsuit Investigation

Instagram, TikTok and White House: Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users