Thomas Safran & Associates Data Breach Compromises SSNs & Names

On Sept. 8, 2025, Thomas Safran & Associates, a real estate development and management company based in Los Angeles, experienced a significant data breach involving unauthorized access to a confidential computer server. The cybersecurity event

The breach was first identified when suspicious activity was detected on the company’s network. Immediate steps were taken to secure the environment, and outside computer forensic experts were engaged to assist with the investigation.

Further analysis revealed that the breach was caused by a ransomware attack carried out by the PLAY ransomware group, who claimed responsibility on the dark web on Sept. 17, 2025. The group threatened to publish the stolen data within days, stating that they had obtained private and personal confidential data, client documents, budget, payroll, accounting, tax records, IDs and financial information.

The investigation determined that the compromised documents included personally identifiable information (PII) such as names, dates of birth, addresses and Social Security numbers. The breach affected an undisclosed number of individuals, including residents and possibly employees, given the nature of the information stored on the targeted server.

The incident was officially disclosed to the California Attorney General’s office on Nov. 24, 2025.

Thomas Safran and Associates’ response

In response to the breach, Thomas Safran & Associates took several immediate and ongoing actions to protect affected individuals and prevent future incidents. The company secured and restored its systems, tightened access controls and began evaluating additional technical safeguards to strengthen system security.

If you receive notification from Thomas Safran and Associates about this breach, you may want to:

• Sign up for the free Cyberscout identity theft protection services, offered by Thomas Safran and Associates.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the data breach, impacted individuals can call 1-800-405-6108, Monday through Friday, from 8:00 a.m. to 8:00 p.m., ET.