Glenwood Management Corp., a New York-based real estate developer and luxury property management firm, suffered a ransomware attack in July 2025, disclosed in September 2025. The breach, claimed by the dark web group *Payouts King*, involved the theft of 150 GB of company data, including Social Security numbers of 8,146 individuals across the U.S. (including employees and customers). The attackers threatened to publish the data if demands were not met. The incident exposed highly sensitive personally identifiable information (PII), prompting regulatory notifications to multiple state attorney general offices. Affected individuals were offered 12 months of credit monitoring and fraud assistance, but the breach poses significant risks of identity theft, financial fraud, and long-term reputational harm to both the company and victims. Legal investigations are underway for potential compensation claims.
Source: https://www.claimdepot.com/investigations/glenwood-management-data-breach-2025
TPRM report: https://www.rankiteo.com/company/glenwood-management-corporation
"id": "gle5902859100425",
"linkid": "glenwood-management-corporation",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '8,146 individuals (including 9 '
'in Maine, 78 in Massachusetts)',
'industry': 'Real Estate Development & Property '
'Management',
'location': 'New York City, New York, USA',
'name': 'Glenwood Management Corp.',
'size': '120+ employees',
'type': 'Private Company'}],
'customer_advisories': ['Free credit monitoring enrollment instructions '
'provided via notification letter.',
'Proactive fraud assistance offered through '
'Cyberscout.',
'Recommendations for fraud alerts, credit freezes, '
'and FTC reporting.'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '8,146',
'personally_identifiable_information': ['Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-09-25',
'date_publicly_disclosed': '2025-10-02',
'description': 'Glenwood Management Corp., a New York-based real estate '
'developer and property management firm, suffered a '
'significant ransomware attack in July 2025. The breach, '
"claimed by the threat actor group 'Payouts King,' involved "
'the exfiltration of 150 GB of company data, including Social '
'Security numbers of 8,146 individuals across the U.S. The '
'incident was discovered on September 25, 2025, with '
'notifications to affected parties beginning on October 2, '
'2025. The company offered 12 months of free credit monitoring '
'and fraud assistance through Cyberscout (TransUnion).',
'impact': {'brand_reputation_impact': 'High (public disclosure, legal '
'investigations, potential lawsuits)',
'data_compromised': True,
'identity_theft_risk': 'High (Social Security numbers exposed)',
'legal_liabilities': 'Potential (class action lawsuits, regulatory '
'scrutiny)'},
'initial_access_broker': {'data_sold_on_dark_web': True},
'investigation_status': 'Ongoing (law firm investigations, potential '
'lawsuits)',
'motivation': ['Financial Gain', 'Data Theft'],
'ransomware': {'data_exfiltration': True},
'recommendations': ['Enroll in free credit monitoring within 90 days of '
'notification.',
'Monitor financial accounts and credit reports for '
'suspicious activity.',
'Place a fraud alert or security freeze on credit files.',
'Report identity theft to the FTC and local law '
'enforcement.',
'Review rights under the Fair Credit Reporting Act '
'(FCRA).'],
'references': [{'source': 'Shamis & Gentile P.A. (Class Action Law Firm '
'Investigation)'}],
'regulatory_compliance': {'legal_actions': ['Potential class action lawsuits',
'Investigation by state attorney '
'general offices (Maine, '
'Massachusetts, Vermont)'],
'regulatory_notifications': ['State attorney '
'general offices '
'(Maine, '
'Massachusetts, '
'Vermont)']},
'response': {'communication_strategy': ['Notifications to affected '
'individuals (starting 2025-10-02)',
'Reporting to state attorney general '
'offices (Maine, Massachusetts, '
'Vermont)'],
'incident_response_plan_activated': True,
'remediation_measures': ['Free single-bureau credit monitoring '
'(12 months)',
'Proactive fraud assistance'],
'third_party_assistance': ['Cyberscout (TransUnion) for credit '
'monitoring and fraud assistance']},
'threat_actor': 'Payouts King',
'title': 'Glenwood Management Corp. Data Breach (2025)',
'type': ['Data Breach', 'Ransomware Attack']}