Time Equities Data Breach: 3.1TB of PII Exposed

Time Equities Inc., a privately held real estate investment and development company headquartered in New York City, disclosed a data breach that may have exposed sensitive personal information.

The breach stemmed from suspicious email activity that Time Equities first learned of on Oct. 16, 2025. Upon detecting the activity, the company initiated an investigation and brought in cybersecurity experts to assist with the process.

The investigation determined that certain files may have been accessed and acquired without authorization on Oct. 16, 2025. Time Equities then conducted a comprehensive review of those files to determine what personal information they contained.

The review was not completed until April 24, 2026, more than six months after the suspicious activity was first detected.

On Oct. 29, 2025, roughly two weeks after the initial suspicious activity was detected, a ransomware group known as Payouts King posted a claim on the Tor network. The group stated it had obtained 3.1 terabytes of data from the organization.

The types of personal information exposed in this breach included first and last name, Social Security number and driver's license number.

The breach was reported to the New Hampshire Attorney General on May 5, 2026. The company began notifying affected consumers on or about April 30, 2026.

Time Equities's response to the breach

The company is offering 12 months of free credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation services. The company is also providing proactive fraud assistance through Cyberscout to help individuals who have questions or who become victims of fraud.

Affected individuals can enroll in the credit monitoring services by visiting the Cyberscout activation page and entering the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

For questions about the incident, affected individuals can call TransUnion at 1-833-877-7491, Monday through Friday from 8 a.m. to 8 p.m. Eastern Time.

Steps to take if your information was exposed

• Place a fraud alert or security freeze on your credit file by contacting any of the three major credit reporting agencies: Equifax (1-800-525-6285), Experian (1-888-397-3742) or TransUnion (1-833-799-5355).
• Request free copies of your credit reports at AnnualCreditReport.com and review them carefully for any accounts or activity you do not recognize.
• Monitor your financial accounts closely by reviewing bank and credit card statements regularly for unauthorized transactions, as the types of information exposed in this breach could be used to open new accounts or commit other forms of fraud.
• Report any suspected identity theft to the Federal Trade Commission at 877-438-4338 or consumer.ftc.gov and to your state attorney general's office.
• Be cautious of phishing attempts that reference Time Equities Inc. or this data breach by name, as scammers may try to use the incident to trick people into sharing additional personal information.