River Park Mutual Homes is in southwest D.C.; caught between two rivers, the area has a variety of inhabitants. Over 2,000 clients of River Park may reconsider, though—their details may have been outed by compromised employee email accounts.
Not much is public about how the attack happened or who committed it. What is known is that the employees were attacked using their email accounts. It is unknown how the attackers obtained access. The accounts were accessed multiple times over eight months, with the breach stopping after River Park noticed suspicious activity.
The breach began in April 2022 and continued until January 2023. River Park initially noticed strange activity as early as July 2022, but the subsequent investigation did not finish until April 11th, 2023. River Park conducted another review on August 3rd, 2023, resulting in impacted parties getting sent notices around November 8th.
Neither the consumer notice nor the website notice specify who may feel the impact of this breach. The Maine Attorney General’s office suggests at least 2,200 people may have information at risk for misuse due to the event. The parties most at risk in this breach are likely homeowners and account holders.
Although River Park’s investigations took months, their notices say nothing about the scope of the attack. Additionally, the public is unlikely to learn more because the investigations have finished. Those who have had information stolen in this breach must take steps to protect their Internet privacy and data security.