Greenhouse Apartments, a pet-friendly apartment community in Kennesaw, Georgia, suffered a ransomware attack that affected 3,473 people across the United States.
According to the company’s notification letter to affected individuals, Greenhouse Apartments discovered the cybersecurity incident on or about Sept. 21, 2025.
How the breach happened and what was found
A third-party forensic investigation determined that the breach took place between Sept. 20, 2025, and Sept. 21, 2025.
On Oct. 24, 2025, a ransomware group known as Safepay claimed responsibility for the attack in a posting on the Tor network. The group claimed to have obtained the organization’s data. Ransomware attacks typically involve hackers gaining access to a company’s systems, stealing or locking data and then demanding payment.
The company reported to the Maine Attorney General that it determined the breach on Feb. 5, 2026, and began notifying consumers by written letter on March 13, 2026.
A total of 3,473 people in the United States were affected by the incident, including six residents of Maine.
The specific types of personal information exposed were not publicly disclosed, as each affected person received a letter listing only the data elements relevant to them.
What the company is doing in response
Greenhouse Apartments is offering affected individuals free credit monitoring services. The monitoring provides alerts when changes occur to a person’s credit file. To enroll, recipients need to use the unique code included in their individual notification letter. Enrollment must be completed within 90 days of the letter’s date.
The company has also set up a dedicated call center for questions. According to the notification, representatives are available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, excluding holidays. The call center will remain active for 90 days from the date of each recipient’s letter.
Steps to take if your information may have been exposed
- Enroll in the free credit monitoring provided by Greenhouse Apartments. Use the unique code from the notification letter and sign up within 90 days.
- Place a fraud alert with one of the three major credit bureaus. A fraud alert requires creditors to take extra steps to verify identity before opening new accounts. Contact Equifax at 1-800-349-9960, Experian at 1-888-397-3742 or TransUnion at 1-888-909-8872. An alert placed with one bureau is automatically shared with the other two. Initial fraud alerts last one year.
- Consider placing a security freeze on credit reports with all three bureaus. A security freeze prevents new credit, loans and services from being approved without consent. Placing and removing a freeze is free.
- Monitor credit reports for unfamiliar accounts or inquiries. Free credit reports from all three bureaus are available at AnnualCreditReport.com.
- Request an IRS Identity Protection PIN. This six-digit number prevents someone else from filing a tax return using another person’s Social Security number. The fastest way to get one is through the IRS online tool at irs.gov.
- Review bank and credit card statements closely for any unauthorized or suspicious transactions. Report anything unfamiliar to the financial institution right away.
- Be cautious of phishing attempts. Scammers sometimes use real data breaches to send convincing emails or letters that trick people into sharing more personal information. Be wary of any unexpected communication that references this breach by name or asks for sensitive details.
