Rockrose Development Hit by PLAY Ransomware Attack, Exposing Sensitive Data
Rockrose Development L.L.C., a prominent real estate developer and property manager operating in New York City and Washington, D.C., suffered a major data breach on July 4, 2025, after unauthorized actors infiltrated its systems. The cybercriminal group PLAY claimed responsibility for the ransomware attack, later posting about the breach on the dark web on July 14, 2025, and threatening to release stolen data if demands were not met.
The exposed information includes a broad range of sensitive data, such as names, Social Security numbers, taxpayer IDs, driver’s license and passport numbers, bank account details, health insurance records, medical information, and online account credentials. The breach affects employees, residents, and other individuals associated with Rockrose.
Rockrose launched an investigation with third-party cybersecurity experts, secured its systems, and implemented additional safeguards. The company disclosed the incident via a Notice of Data Security Incident on its website and reported the breach to the California Attorney General’s office on December 12, 2025.
To mitigate potential harm, Rockrose is offering 24 months of complimentary Experian IdentityWorks to affected individuals and has established a dedicated call center for inquiries. The severity of the breach underscores the risks posed by ransomware attacks targeting high-value personal and financial data.
Source: https://www.claimdepot.com/data-breach/rockrose-development-corp-2025
Rockrose Development Corp. cybersecurity rating report: https://www.rankiteo.com/company/rockrose-development-corp.
"id": "ROC1765570310",
"linkid": "rockrose-development-corp.",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Employees, residents, and '
'others affiliated with the '
'company',
'industry': 'Real Estate',
'location': 'New York City, Washington, D.C.',
'name': 'Rockrose Development L.L.C.',
'type': 'Real Estate Developer and Property Manager'}],
'customer_advisories': 'Dedicated call center at 833-931-3792, 8 a.m. to 8 '
'p.m., ET, Monday through Friday. Complimentary access '
'to Experian IdentityWorks for 24 months for impacted '
'individuals.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Taxpayer '
'identification '
'numbers',
'Driver’s license '
'numbers',
'Passport numbers',
'Bank account and '
'routing numbers',
'Health insurance '
'information',
'Medical information',
'Online account '
'credentials'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2025-07-04',
'date_publicly_disclosed': '2025-07-14',
'description': 'Rockrose Development L.L.C. experienced a significant data '
'breach impacting sensitive information belonging to '
'employees, residents, and others affiliated with the company. '
'The breach involved unauthorized access to systems and the '
'exfiltration of confidential data.',
'impact': {'brand_reputation_impact': 'Considerable',
'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': ['Carefully review any notice or communication from '
'Rockrose Development or associated companies',
'Monitor financial accounts and credit reports for signs '
'of identity theft',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information'],
'references': [{'source': 'Rockrose Development Notice of Data Security '
'Incident'}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General’s office']},
'response': {'communication_strategy': 'Notice of Data Security Incident '
'posted on website, disclosure to '
'California Attorney General’s office',
'containment_measures': 'Secured systems',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Implemented additional cybersecurity '
'safeguards',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'PLAY',
'title': 'Rockrose Development Data Breach',
'type': 'Ransomware'}