Onyx Equities Data Breach Exposes SSNs: Details

Onyx Equities LLC, a real estate investment and property services firm headquartered in Woodbridge, New Jersey, disclosed a cybersecurity incident that may have exposed consumers' Social Security numbers.

The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation. The company began sending notification letters to affected individuals dated March 31, 2026.

The total number of people impacted across the United States was not disclosed in available regulatory filings; however, at least six Massachusetts residents were impacted.

What happened in the Onyx Equities data breach

On Jan. 21, 2026, a ransomware group known as CL0P posted a claim on the dark web using the Tor network. The group alleged that it had obtained data belonging to Onyx Equities.

More than two months after that dark web posting, the company's notification letter to consumers did not specify when the breach first occurred, when the company discovered it or how the attackers gained access to its systems.

Onyx Equities' response to the breach

The company arranged for 24 months of complimentary single-bureau credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation.

To activate coverage, affected individuals must visit the Cyberscout enrollment page and enter the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

The company encourages affected individuals to remain vigilant by regularly reviewing their account statements and credit histories for signs of unauthorized transactions or activity.

Onyx Equities established a dedicated phone line at 1-800-405-6108 for those with questions or concerns about the incident. The line is available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding holidays.

Individuals may also contact the company by writing to 90 Woodbridge Center Drive, Suite 505, Woodbridge, NJ 07095.

Steps to take if your information was exposed

• Place a credit freeze on your credit reports with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to prevent anyone from opening new accounts using your Social Security number.
• Request your free credit reports at AnnualCreditReport.com and review them carefully for any accounts or inquiries you do not recognize.
• Consider placing a fraud alert with one of the three major credit bureaus, which requires businesses to verify your identity before extending new credit in your name.
• Monitor your financial accounts and bank statements closely for any unauthorized transactions or suspicious activity, and report anything unusual to your financial institution right away.
• Be cautious of phishing attempts that reference Onyx Equities or this data breach by name, as scammers sometimes use real breach notifications to trick people into sharing more personal information.
• Report suspected identity theft to the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338.