Elmhurst Development LLC reports data breach

Elmhurst Development LLC, also known as Elmhurst Group, is reporting a data breach following a cyberattack that led to the compromise of sensitive personal information.

Elmhurst, a real estate investment company headquartered in Pittsburgh, Pennsylvania, manages a portfolio that includes 40 buildings across 21 sites, encompassing over three million square feet of office, distribution, flex, and hotel space.

Elmhurst detected unauthorized activity within its IT systems in mid-May 2024. Tthe company took action to halt any further unauthorized access and engaged leading cybersecurity specialists to investigate the breach. The investigation revealed that the unauthorized access could have occurred as early as mid-May 2024, but due to an encryption event, the full scope of the data breach was not determined until late July 2024. Elmhurst has notified federal law enforcement authorities about the incident.

The data potentially compromised in the breach includes:

• Full names
• Social Security Numbers
• Government-issued ID numbers (e.g., driver's license, passport number)
• Financial account numbers
• Unique biometric data (such as fingerprints, retina or iris images)
• Genetic information
• Health records
• Other unspecified sensitive information

The exact number of individuals affected by the data breach has not been publicly disclosed by Elmhurst Group.

Elmhurst has begun sending data breach notification letters to impacted individuals as of September 5, 2024. The company is offering 24 months of complimentary credit monitoring and identity restoration services through HaystackID.

Affected individuals are encouraged to enroll in these services by December 2, 2024, using a verification code provided in the notification letter.