Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Thomas Safran and Associates data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Thomas Safran and Associates
Thomas Safran & Associates is a real estate development and management company based in Brentwood, Los Angeles. Since its founding in 1974, the company has focused on developing, owning, and managing affordable, luxury, and mixed-use rental housing throughout Southern California.
The company is known for its commitment to affordable housing, having developed over 6,300 units, with the majority located in Los Angeles County. Thomas Safran & Associates also manages most of its properties, employs approximately 250 people, and has a significant number of new units under construction or in preconstruction.
What Happened?
On or around Sept. 8, 2025, Thomas Safran & Associates detected suspicious activity on its network. The company responded quickly by securing its systems and hiring outside forensic experts to investigate. It was determined that an unauthorized party accessed a server containing confidential information.
According to public disclosures, the PLAY ransomware group claimed responsibility for the attack and threatened to publish stolen data, which may have included private and personal confidential data
Source: https://www.claimdepot.com/investigations/thomas-safran-associates-data-breach-2025
TPRM report: https://www.rankiteo.com/company/thomas-safran-&-associates
"id": "tho1764781086",
"linkid": "thomas-safran-&-associates",
"type": "Ransomware",
"date": "2025-12-03T00:00:00.000Z",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Real Estate',
'location': 'Brentwood, Los Angeles, '
'Southern California',
'name': 'Thomas Safran & Associates',
'size': 'Approximately 250 employees, '
'over 6,300 units developed',
'type': 'Real Estate Development and '
'Management Company'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Threatened to publish '
'stolen data',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'identifiable '
'information'},
'date_detected': '2025-09-08',
'description': 'Thomas Safran & Associates detected suspicious '
'activity on its network on or around September '
'8, 2025. An unauthorized party accessed a server '
'containing confidential information. The PLAY '
'ransomware group claimed responsibility for the '
'attack and threatened to publish stolen data, '
'which may have included private and personal '
'confidential data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personally '
'identifiable information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Server containing confidential '
'information'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Yes',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'PLAY'},
'references': [{'date_accessed': None,
'source': 'Shamis & Gentile P.A.',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': 'Secured systems',
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'Outside forensic '
'experts'},
'threat_actor': 'PLAY ransomware group',
'title': 'Thomas Safran and Associates Data Breach',
'type': 'Data Breach, Ransomware'}}