Greenhouse Apartments data breach impacted about 3,500 individuals

Boston-based high rise residential property, The Greenhouse Apartments, said it suffered a cyber security incident in September that compromised the personal information of close to 3,500 individuals.

 

The residential property, located in Boston’s Back Bay and South End area, recently announced in a data breach incident notification filed with the office of the Attorney General of Maine that the data security incident compromised the names and other personal information of approximately 3,473 individuals.

 

In notification letters sent to affected individuals, The Greenhouse Apartments said that on September 21, it discovered a cyber security incident impacting its systems and promptly launched an investigation with help from a cyber security company to determine the nature and scope of the cyber attack.

 

The investigation, whose scope was also to mitigate the impact of the cyber attack on systems and data, determined that the attack occurred between September 20 and 21 and compromised the personal information of about 3,473 individuals that was stored in the targeted systems.

 

According to BreachSense, the SafePay ransomware group was behind the cyber attack on The Greenhouse Apartments. Instead of running a ransomware-as-a-service operation, SafePay operates centrally, developing its own malware and ransomware variants and conducting direct attacks on small and medium businesses, managed service providers and IT distributors.

 

The ransomware group first appeared in late 2024 and by early 2026, had claimed more than 400 victims. According to cyber intelligence firm Proven Data, SafePay has primarily targeted service-based organisations in sectors ranging from technology, manufacturing, healthcare, legal, financial services, to education.

 

The ransomware group primarily runs a double extortion campaign, encrypting targeted systems and networks after exfiltrating sensitive data to force victims into paying a ransom to continue operations. The group obtains initial access using leaked or stolen credentials or social engineering tactics where its members pose as IT staff to lure victims into giving them remote access to systems.

 

The Greenhouse Apartments did not disclose whether the affected individuals included residents, staff or property hunters or whether it paid a ransom to regain access to the affected systems. The property is providing complimentary credit monitoring, identity protection services, and identity theft insurance services to all affected individuals through privacy ID solutions company Epiq.

 

"We want to assure that we have taken this incident seriously and are committed to continuing to strengthen our systems’ security to prevent a similar event from occurring in the future. We have notified appropriate parties regarding this incident," it said.