Brandywine Realty Trust has confirmed that it suffered a ransomware attack earlier this month, which resulted in the theft of company data and the disruption of some parts of its infrastructure.
In an 8-K form filed with the Securities and Exchange Commission (SEC) on May 1, the company said it had “detected a cybersecurity incident.”
Brandywine explained what had happened, saying that an unauthorized third party had gained access to parts of the IT environment and deployed encryption. As soon as it became aware of the attack, the company activated its incident response plan, which included shutting down some parts of its systems, bringing in external cybersecurity experts to assist with the investigation and forensics, and notifying relevant authorities .
Resume activities
As a result of the attack and the company’s incident response activities, portions of Brandywine’s enterprise applications were disrupted and access was restricted. However, the company believes that it has successfully suppressed the attack and that it will not escalate further.
While present on the network, the attackers managed to steal some files from the company, although Brandywine does not yet know what they took. An investigation is currently underway and if results indicate that personal information has been stolen, relevant individuals will be notified, the report said.
“As the investigation into the incident is still ongoing, the full extent, nature and impact of the incident are not yet known. The Company’s real estate operations have continued in all material respects in this matter and as of the date of this filing, the incident has had no further material impact on the Company’s operations,” the filing concludes.
Brandywine believes the incident will have no material impact.
So far, no threat actors have taken responsibility for the attack. When attackers steal sensitive data, they usually publish small samples online and try to pressure the victim to pay a ransom in exchange for keeping the data private.
Through TechCrunch