Brandywine Realty Trust issued a recent filing to the US Securities And Exchange Commission (SEC), where it confirmed that an unauthorized third-party had gained access to portions of its internal network. The Brandywine Realty Trust data breach is stated to have affected the functioning of some of its internal systems, following preventative measures as part of the firm’s incident response plan.
Brandywine Realty Trust is one of the largest publicly traded real estate companies in the United States with a primary focus in the Philadelphia, Texas and Austin markets. The firm is organized as a real estate investment trust and manages 69 properties comprising of 12.7 million square feet in land spanning multiple states.
Upon detecting the intrusion, the trust initiated its response protocols and took steps to contain affected systems, assess the extent of the attack and move towards remediation. Investigative efforts were held together with external cybersecurity professionals, while details were shared with law enforcement.
Brandywine Realty Trust Data Breach Disrupted Trust’s Operations
The filing reveals that along with unauthorized access to its internal systems, the attack also involved the encryption of some of the company’s internal resources. The encryption process disrupted access to portions of the company’s business applications responsible for several of the company’s internal and corporate functions, including its financial and reporting systems.
The company disclosed that certain files were stolen during the attack, but that it is still working on determining the extent of sensitive and confidential information accessed during the intrusion into its IT systems, and establishing if any personal information had been accessed.
However, the company believes that the intrusion had been been contained from spreading further into its systems and stated that it is working diligently to restore its IT systems back online. The Company is also evaluating if any additional regulatory and legal notifications are required after facing the incident and will issue appropriate notifications according to its findings.
Perpetrator Behind Brandywine Realty Trust Data Breach Unknown
The company is known to have rented out commercial properties to various prominent firms, with its biggest tenants including IBM, Spark Therapeutics, Comcast, and the FMC Corporation.
However, the attack comes during a recent period of increased ongoing volatility in the office commercial space with Brandywine recently cutting down its quarterly dividend, from 19 cents to 15 cents a share, for the first time since 2009.
In an recent interview, the company’s CEO acknowledged “turbulent times” in commercial real estate space and the company aimed at covering its “danger points.” He added the company has plenty of cash and available credit, while noting that compared to its peers, the firm had a substantially lower number of leases set to expire over the next few years.
As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known. No threat actor individual or group has seemed to claim responsibility for the attack yet.
The disclosure likely follows the introduction of the new rules by the U.S. government in December 2023, where publicly traded companies are required to disclose security incidents they believe may have a material impact on the business. However, Brandywine indicated in its filing that it does not believe the incident is ‘reasonably likely to materially impact the Company’s financial condition or results of operations.’
