What Happened in the Passco Companies Data Breach?
Passco Companies LLC, a real estate investment and development firm based in Irvine, California, has confirmed a data breach affecting thousands of people. The Passco Companies data breach exposed sensitive personal information after the company detected suspicious activity on its network. As a result, Passco moved quickly to secure its systems and understand the scope of the intrusion.
According to the company’s disclosure, unauthorized access to its network occurred on or about Aug. 7, 2025. During this period, an unauthorized party managed to take limited information from Passco’s systems. The company has not disclosed the specific method of intrusion, but it did confirm that the activity was unauthorized and that data was removed from its environment.
Once Passco identified the suspicious activity, it took immediate action to contain the threat. The company then launched a formal investigation with help from third-party computer forensic specialists. This step allowed Passco to trace how the unauthorized access happened and what systems were affected.
Because the scope of compromised data was not immediately clear, Passco hired a separate third party to conduct a detailed review of the affected files. This review aimed to determine exactly what categories of information were involved and which individuals were impacted. On Dec. 16, 2025, Passco received the results of that review, which confirmed that personal information belonging to certain individuals had indeed been compromised.
Who was affected?
The breach affects approximately 8,335 people across the United States. Regulatory filings show impacted residents in multiple states, including six in Indiana, 12 in Maine, 27 in Massachusetts, six in New Hampshire, 2,127 in Texas and one in Vermont. This wide geographic spread suggests the affected individuals may include clients, tenants, investors, employees or business partners connected to Passco’s real estate operations.
Passco has not publicly disclosed the exact relationship each affected person has to the company. However, given Passco’s role in real estate investment and development, those impacted could include property tenants, individuals involved in real estate transactions, or people whose data was stored for financial or contractual purposes. It also remains unclear whether minors are among those affected, since the source material does not specify age ranges.
What Information Was Potentially Exposed?
The exact types of personal information exposed varied by individual. However, Passco confirmed that several categories of sensitive data were involved in the breach. This mix of information creates significant potential risk for those affected.
- Full names
- Social Security numbers
- Driver’s license or state identification numbers
- Financial account information
Because Social Security numbers and financial account details were exposed, affected individuals face a heightened risk of identity theft. Criminals can use this type of data to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. In addition, exposed driver’s license numbers can be used to create fake identification documents.
Financial account information, in particular, raises the risk of direct account takeover or unauthorized transactions. As a result, affected individuals should treat this breach seriously, even if they have not yet noticed suspicious activity. Identity thieves sometimes wait months or even years before using stolen data, which makes ongoing vigilance essential.
What is the company doing?
After discovering the unauthorized access, Passco acted to secure its network and prevent further compromise. The company also engaged outside forensic experts to investigate the full scope of the incident. This response reflects a standard approach for organizations working to contain a breach and understand its impact.
Once the investigation confirmed which individuals were affected, Passco began notifying them in writing. The company sent an initial round of notification letters dated April 17, 2026, followed by additional notifications dated June 11, 2026. In response to the breach, Passco is also offering complimentary access to Experian IdentityWorks credit monitoring and identity protection services.
This protection package includes a free Experian credit report at signup, ongoing credit monitoring, identity restoration assistance and $1 million in identity theft insurance coverage. Individuals who received the April 17 notification letters have until July 31, 2026, to enroll. Meanwhile, those who received the later notification have until Sept. 30, 2026, to sign up.
Passco also set up dedicated assistance lines to help affected individuals with questions. The company can be reached by phone or by mail at its Irvine, California headquarters. These resources give affected individuals a direct way to seek guidance and enroll in the offered protections.
What Should Affected Individuals Do?
Enroll in the Free Credit Monitoring
If you received a notification letter from Passco, consider enrolling in the complimentary Experian IdentityWorks service right away. This monitoring can alert you to new accounts or suspicious activity tied to your identity. Because enrollment deadlines apply, it helps to act before the July 31 or Sept. 30, 2026 cutoff dates.
Signing up is simple and costs nothing during the enrollment window. In addition to credit monitoring, the service includes identity restoration support if you become a victim of fraud. This assistance can save significant time and stress if your information is misused.
Place a Fraud Alert or Credit Freeze
Because Social Security numbers and financial account information were exposed, placing a fraud alert or credit freeze is a smart precaution. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by restricting access to your credit report entirely.
You can request a freeze for free with each of the three major credit bureaus: Equifax, Experian and TransUnion. This process only takes a few minutes online or by phone. As a result, it creates a strong barrier against identity thieves trying to open new accounts using your stolen data.
Monitor Financial Accounts and Statements Closely
Since financial account information was part of the exposed data, review your bank and credit card statements regularly. Look for any unfamiliar charges or withdrawals, even small ones, since fraudsters sometimes test accounts with minor transactions first. If you notice anything suspicious, report it to your financial institution immediately.
In addition, consider setting up transaction alerts through your bank’s mobile app or website. These alerts notify you instantly of new charges, which allows you to catch fraud early. Early detection often makes it easier to reverse unauthorized transactions and limit financial damage.
Stay Alert for Phishing Attempts
After a data breach, scammers often follow up with phishing emails, texts or phone calls pretending to be legitimate companies. Because your name and other personal details were exposed, criminals may use this information to make their messages seem more convincing. Never click on links or share personal information in response to unsolicited messages.
Instead, verify any communication by contacting the company directly through a known phone number or website. This simple step can prevent you from falling victim to a secondary scam tied to the original breach. Staying cautious with unexpected messages is one of the most effective ways to protect yourself going forward.
More Information
Official Data Breach Notification Letter (PDF)
Official Data Breach Notification Letter (PDF)
