Thousands of New York residents who live in buildings run by Douglas Elliman’s property management arm may have had their personal information compromised this month.
Douglas Elliman Property Management’s three managing directors emailed hundreds of co-operative and condominium boards Monday to advise them that the company’s IT network — which contains data for its buildings’ residents and employees — was breached and their personal information may have been compromised.
In the message viewed by The Real Deal, executives said the firm detected “suspicious activity” on its IT systems April 7. After launching an investigation and contacting law enforcement, Elliman determined that an “unauthorized party” gained access to its IT network between April 5 and April 7 and including files containing owners’ and employees’ personal data. A source with knowledge of the situation said the Federal Bureau of Investigation is involved.
Information that may have been compromised includes names, dates of birth, mailing addresses, Social Security numbers, driver’s license numbers, passport numbers and financial information, according to the email. The company has not found any identity theft related to the breach.
“We take the security of our IT systems as well as the privacy of our clients very seriously and are continuing to enhance our security protocols to help prevent a similar incident from occurring in the future,” a spokesperson said in a statement.
The spokesperson said that the breach was limited to the property management arm. Elliman’s brokerage and new-development marketing businesses use separate IT systems and were not affected.
The incident has the potential to affect thousands. As of 2018, Elliman was the largest residential property management firm in New York City, according to an analysis by The Real Deal. The firm represents 390 properties with approximately 46,500 units in New York City and Nassau and Westchester counties.
Notable properties that use Elliman’s management services include white-glove co-ops such as 1 Sutton Place South, 778 Park Avenue, 1040 Fifth Avenue and The Dakota, along with luxury condos including 111 West 57th Street, 40 East End Avenue and 111 Murray Street.
In the email, Elliman’s property management arm said starting on Friday it will reach out to specific individuals whose information may have been exposed. The individuals will be offered a complimentary one-year membership to an identity theft prevention and credit monitoring service. The firm has also set up a hotline to address questions from residents.
“We take this matter very seriously,” wrote Jim Miller, Elly Pateras and John Janangelo, the firm’s three executive managing directors, in the email. “We deeply regret any inconvenience or concern this incident may cause.”
In 2019, Corcoran Group documents detailing agent splits, marketing budgets and gross commission income were sent to its entire workforce after an employee’s email account was compromised. Many in the residential brokerage community said at the time of the breach that it was an unfortunate example of the increasing threat cyberattacks pose to the real estate industry.