Cybersecurity Breach at William C. Smith and Company Exposes PII
On May 18, 2025, Washington, D.C.-based real estate firm William C. Smith and Company detected unauthorized access to its network following suspicious activity. A third-party cybersecurity investigation revealed that an unknown threat actor had infiltrated company systems between May 5 and May 18, 2025, accessing and exfiltrating files containing personally identifiable information (PII).
The breach exposed sensitive data, including names and Social Security numbers. A review to assess the scope of the incident concluded on October 21, 2025, identifying at least three Maine residents among those affected. The total number of impacted individuals across the U.S. remains undisclosed.
On January 12, 2026, the company notified affected consumers via written notice and filed disclosures with the Maine and Vermont Attorneys General. In response to the breach, William C. Smith and Company contained the incident, secured its systems, and reported the matter to federal law enforcement and state regulators.
To mitigate potential harm, the firm is offering 12 months of complimentary credit monitoring and identity restoration services through Experian to impacted individuals. The company also provided guidance on protective measures, such as monitoring financial accounts, obtaining credit reports, and placing fraud alerts or credit freezes.
The incident underscores the ongoing risk of PII exposure in cyberattacks targeting corporate networks.
Source: https://www.claimdepot.com/data-breach/wcs-construction-2026
Williams Plumbing / Williams Civil Construction cybersecurity rating report: https://www.rankiteo.com/company/williams-companies
"id": "WIL1768357793",
"linkid": "williams-companies",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 3 (Maine residents), '
'total number not reported',
'industry': 'Real Estate',
'location': 'Washington, D.C.',
'name': 'William C. Smith and Company',
'type': 'Real Estate Firm'}],
'customer_advisories': 'Guidance on steps to protect from identity theft or '
'fraud, including monitoring accounts, obtaining '
'credit reports, and placing fraud alerts or credit '
'freezes.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personally identifiable '
'information'},
'date_detected': '2025-05-18',
'date_publicly_disclosed': '2026-01-12',
'description': 'An unknown actor gained unauthorized access to certain '
'company systems between May 5, 2025, and May 18, 2025, '
'accessing and exfiltrating files containing personally '
'identifiable information.',
'impact': {'data_compromised': 'Personally identifiable information (names, '
'Social Security numbers)',
'identity_theft_risk': 'High'},
'investigation_status': 'Concluded (review process completed on 2025-10-21)',
'recommendations': 'Monitor account statements, obtain free credit reports, '
'place fraud alerts or credit freezes, enroll in '
'complimentary credit monitoring and identity restoration '
'services.',
'references': [{'source': 'Maine Attorney General'},
{'source': 'Vermont Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
'General, Vermont '
'Attorney General'},
'response': {'communication_strategy': 'Written notice to consumers and '
'disclosure to state attorneys general',
'containment_measures': 'Steps taken to contain the breach and '
'secure systems',
'law_enforcement_notified': 'Federal law enforcement',
'third_party_assistance': 'Third-party cybersecurity specialist'},
'threat_actor': 'Unknown',
'title': 'Unauthorized Access and Data Breach at William C. Smith and Company',
'type': 'Data Breach'}