Hulberg and Associates Data Breach Affects One

Hulberg and Associates Inc., a real estate appraisal and consulting firm based in San Jose, Calif., experienced a major data breach, impacting an unknown number of individuals. On July 11, 2025, the company discovered suspicious activity on an internal server. An investigation revealed that the cybersecurity incident was a ransomware attack.

The PLAY ransomware group claimed responsibility and threatened to publish the stolen data on July 18, 2025, on a dark web leak site, stating that they had obtained private and confidential data, client documents, budget, payroll, accounting, taxes, IDs, and other financial information.

The cybersecurity incident affected current and former Hulberg and Associates Inc. employees, independent contractors and possibly other individuals involved with the company. The total number of people compromised has not been released.

Exposed information included names, addresses, Social Security numbers, driver’s license or other government-issued identification numbers, dates of birth and bank routing and account numbers used for direct deposits.

Hulberg and Associates Inc. reported the data breach to the Washington Attorney General on Aug. 19, 2025 and the Massachusetts Attorney General on Aug. 20, 2025.

Hulberg and Associates, Inc.'s response

In addition to required state and federal disclosures, the company is offering affected individuals 24 free months of Experian IdentityWorks credit monitoring and identity theft restoration services.

If you receive notification from Hulberg and Associates Inc. about this breach, you may want to:

• Sign up for the free credit monitoring and identity theft restoration services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.