Breach taxonomy
Summary
On May 1, 2024, Brandywine Realty Trust detected unauthorized access and deployment of encryption (ransomware) to a portion of its internal corporate IT systems. The incident caused disruptions to business applications including financial and operating reporting systems. Certain files were exfiltrated. The company shut down some systems, activated its incident response plan, and engaged leading external cybersecurity experts. Real estate operations continued in all material respects throughout the incident.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsRansomwareData Exfil
Filing explicitly states unauthorized access and deployment of encryption (ransomware) plus confirms that certain files were exfiltrated (data exfiltration).
AssetsConfidential BizPersonal Data
Filing describes unauthorized access to internal corporate IT systems including financial and operating reporting systems, with certain files exfiltrated — confidential business information and potentially personal data.
EffectsBiz InterruptionInfo Privacy Loss
Encryption of systems caused disruptions to business applications including financial/reporting systems (business interruption), and file exfiltration created information privacy loss exposure.
Business continuityPartial
Filing states the company shut down some systems and activated its incident response plan; real estate operations continued but financial and reporting systems were disrupted → Partial.
Impact
Ransomware with encryption and file exfiltration disrupted corporate IT systems including financial reporting at a major REIT; real estate operations continued but significant corporate system disruption occurred.
InsuranceNot disclosed
Filing makes no mention of insurance.
Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. On May 1, 2024, Brandywine Realty Trust detected what was determined to be a cybersecurity incident, whereby a third party gained unauthorized access to portions of its information technology environment. Upon detecting the unauthorized occurrences, the Company promptly initiated its previously established response protocols and began taking steps to contain, assess and remediate the incident, including beginning an investigation with leading external cybersecurity experts, activating its incident response plan, shutting down some systems and notifying law enforcement. The cybersecurity incident consisted of unauthorized access and deployment of encryption by a third party to a portion of the Company's internal corporate IT systems. The incident caused disruptions to, and limitation of access to, portions of the Company's business applications supporting aspects of the Company's operations and corporate functions, including financial and operating reporting systems. Based on the information reviewed to date, the Company believes the unauthorized activity has been contained and is working diligently to bring the impacted portions of its IT systems back online. Although the Company ascertained that certain files were exfiltrated, it is still investigating the extent of any sensitive information contained within the accessed IT systems, including any personal information.