Garrison Architects reported a data breach to the Attorney General of Massachusetts, revealing that sensitive personally identifiable information (PII) under its care may have been compromised. The exposed data varies per individual but includes highly sensitive details such as names and Social Security numbers (SSNs). The company began notifying affected individuals via breach notification letters on November 7, 2025, offering 24 months of complimentary credit monitoring services as a remedial measure. While the exact nature of the security incident remains undisclosed in the public notice, the exposure of SSNs critical identifiers tied to identity theft, financial fraud, and long-term reputational harm indicates a severe compromise of customer trust. The breach underscores vulnerabilities in the company’s data protection frameworks, potentially exposing individuals to prolonged risks of fraud, phishing, and unauthorized financial activity. The provision of extended credit monitoring suggests the breach’s gravity, as such measures are typically reserved for incidents with lasting consequences for victims.
Source: https://straussborrelli.com/2025/11/14/garrison-architects-data-breach-investigation/
TPRM report: https://www.rankiteo.com/company/garrison-architects
"id": "gar4793047111525",
"linkid": "garrison-architects",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Architecture',
'location': 'Massachusetts, USA',
'name': 'Garrison Architects',
'type': 'Private Company'}],
'customer_advisories': 'Breach notification letters mailed to impacted '
'individuals on November 7, 2025',
'data_breach': {'personally_identifiable_information': ['Name',
'Social Security '
'number'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2025-11-07',
'description': 'Garrison Architects reported to the Attorney General of the '
'Commonwealth of Massachusetts that sensitive personal '
'identifiable information in its care may have been '
'compromised. The breach notice did not elaborate on the '
'nature of the security incident, but impacted data includes '
'names and Social Security numbers. Affected individuals were '
'offered 24 months of complimentary credit monitoring '
'services.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive PII',
'data_compromised': ['Name', 'Social Security number'],
'identity_theft_risk': 'High (due to exposure of SSNs)'},
'investigation_status': 'Ongoing (breach notification letters sent, but '
'details remain undisclosed)',
'references': [{'source': 'Attorney General of the Commonwealth of '
'Massachusetts - Breach Notification'}],
'regulatory_compliance': {'regulatory_notifications': 'Notification to the '
'Attorney General of '
'the Commonwealth of '
'Massachusetts'},
'response': {'communication_strategy': 'Breach notification letters mailed to '
'impacted individuals; filing with the '
'Attorney General of Massachusetts',
'incident_response_plan_activated': 'Likely (based on breach '
'notification process)',
'recovery_measures': '24 months of complimentary credit '
'monitoring services for affected '
'individuals'},
'title': 'Garrison Architects Data Breach',
'type': 'Data Breach'}