Anywhere Real Estate Data Breach Affects 17k: SSNs and other PII Exposed

On Nov. 24, 2025, Anywhere Real Estate Inc. (formerly Realogy Corporation), a global real estate services provider, discovered a cybersecurity incident affecting its Oracle E-Business Suite (EBS) environment. The incident has impacted 17,429 individuals, including 1,487 in Texas, 658 in Massachusetts, 151 in New Hampshire, and 69 in Maine.

A detailed investigation, supported by third-party cybersecurity experts, revealed that the incident impacted individuals associated with Anywhere Real Estate, Cartus, NRT (National Realty Trust), Title Resource Group and Real Estate Franchise Group.

The breach was the result of an unauthorized third party exploiting a then-unknown “zero day” vulnerability in Oracle software. This sophisticated attack enabled the intruder to gain access to the company’s Oracle EBS environment and download sensitive data, including information about franchisees, brokers and, most notably, current and former employees.

The ransomware group CL0P claimed responsibility for the attack, posting about the incident on the dark web on Nov. 21, 2025. The group asserted that they had obtained the company’s data and threatened to release it if their demands were not met.

The types of personal information exposed included names, addresses, contact information, dates of birth, Social Security numbers and basic job details.

The breach was officially disclosed to the Maine Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation, New Hampshire Attorney General, Texas Attorney General, and the Vermont Attorney General starting on Feb. 2, 2026.

Anywhere Real Estate's response

After discovering the breach, Anywhere Real Estate took action to contain the threat and remediate the exploited vulnerability, working closely with Oracle and external cybersecurity experts. The company conducted a comprehensive review of the impacted data and swiftly applied necessary security patches to prevent further unauthorized access.

To support those affected, the company is offering 24 months of complimentary credit monitoring and identity protection services through Experian IdentityWorks. Impacted individuals can enroll in these services by following the instructions provided in the company’s notification letter.

The credit monitoring package includes daily credit reports, credit monitoring across all three major bureaus, identity restoration support and up to $1 million in identity theft insurance.

The company also provided detailed instructions and resources for further protecting personal information, including contact information for credit bureaus and relevant state agencies.

Given the nature of the breach, impacted individuals are strongly advised to:

• Enroll in the free Experian IdentityWorks services provided by the company
• Regularly monitor credit reports and financial account statements for any signs of suspicious activity
• Consider placing a credit freeze or fraud alert with the major credit bureaus to prevent unauthorized new accounts
• Report any suspected identity theft to law enforcement and the Federal Trade Commission