Data Event
Notice of Cyber Incident
Kirbor Homes (“Kirbor”), like many organizations nationwide, was recently the victim of a cybersecurity incident. This notice provides information about how this incident may have affected personal information and, as a preventative measure, provides steps that you can take to protect your personal information. Kirbor takes the privacy and security of personal information very seriously and we sincerely regret any concern this incident may cause.
What Happened?
On or about June 10, 2026, Kirbor discovered issues with our computer systems and quickly determined we were the victim of a ransomware incident. We immediately took steps to stop the ransomware and engaged outside cybersecurity experts to investigate this event.
Due to the nature of this incident, it is possible that personal information may have been accessed by the perpetrators of the incident. Our systems are currently secure, and our operations have returned to normal. However, we are committed to being transparent about this matter and have decided to provide identity monitoring for potentially affected individuals, out of an abundance of caution.
What Information Was Involved?
Kirbor recognizes that we are entrusted with many types of personal information. The personal information about individuals varies but may include: names, addresses, dates of birth, driver’s license numbers or state identification card number issued in lieu of a driver’s license number, and/or and Social Security numbers.
What We Are Doing
Kirbor has notified law enforcement of this incident, including the FBI. Kirbor is supporting all law enforcement investigations into this matter.
We take our obligation to safeguard personal information very seriously and are continuing to evaluate additional actions to strengthen our network security in the face of an ever-evolving cyber threat landscape. We have reviewed our system security and taken steps to increase that security going forward.
Out of an abundance of caution, Kirbor has arranged to provide free identity monitoring services for potentially affected individuals who would like to receive additional protections. If you wish to obtain identity monitoring, please email us at monitoring@kirborhomes.com.
What You Can Do
Please review the “Additional Resources” section below. This information provides practical steps you can take to help protect yourself, including recommendations from the Federal Trade Commission (“FTC”) regarding identity theft protection and details on placing a fraud alert or a security freeze on your credit file.
We sincerely regret any concern this incident may cause you.
ADDITIONAL RESOURCES
Review Your Account Statements and Obtain and Monitor Your Credit Report
As a precautionary measure, we recommend that you remain vigilant by regularly reviewing and monitoring account statements and credit reports to detect potential errors or fraud and identity theft resulting from the security incident. You may periodically obtain your free credit report from one or more of the national credit reporting companies. You may obtain a free copy of your credit report online at www.annualcreditreport.com, by calling toll-free 18773228228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. You may also purchase a copy of your credit report by contacting one or more of the three national credit reporting agencies listed below.
Equifax P.O. Box 740241 Atlanta, GA 30374 1-800-685-1111 www.equifax.com | Experian P.O. Box 9701 Allen, TX 75013 1-888-397-3742 www.experian.com | TransUnion P.O. Box 1000 Chester, PA 19016 1-800-916-8800 www.transunion.com |
When you receive your credit reports, review them carefully. Look for accounts or creditor inquiries that you did not initiate or do not recognize. Look for inaccurate information, such as a home address and Social Security number. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.
Notify Law Enforcement of Suspicious Activity
You should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including local law enforcement, your state attorney general, and the Federal Trade Commission (FTC). To file a complaint with the FTC, use the below contact information or website.
The Federal Trade Commission
600 Pennsylvania Avenue, NWWashington, DC 205801-877-ID-THEFT (1-877-438-4338)TTY: 1-866-653-4261www.ftc.gov/idtheft
Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, which is a database made available to law enforcement agencies. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company which the account is maintained.
Credit Freezes
You have the right to put a security freeze, also known as a credit freeze, on your credit file, so that no new credit can be opened in your name without the use of a Personal Identification Number (PIN) that is issued when you initiate a freeze. A credit freeze is designed to prevent potential creditors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to access your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. Should you wish to place a credit freeze, please contact all three major consumer reporting agencies listed below.
Equifax P.O. Box 105788 Atlanta, GA 30348 1-800-685-1111 www.equifax.com | Experian P.O. Box 9554 Allen, TX 75013 1-888-397-3742 www.experian.com | TransUnion P.O. Box 2000 Chester, PA 19016 1-888-909-8872 www.transunion.com |
You must separately place a credit freeze on your credit file at each credit reporting agency. The following information should be included when requesting a credit freeze:
- Your full name, with middle initial and any suffixes;
- Your Social Security number;
- Your date of birth (month, day, and year);
- Your current address and previous addresses for the past five (5) years;
- A copy of your state-issued identification card (such as a state driver’s license or military ID);
- Proof of your current residential address (such as a current utility bill or account statement); and
- Other personal information as required by the applicable credit reporting agency.
If you request a credit freeze online or by phone, then the credit reporting agencies have one (1) business day after receiving your request to place a credit freeze on your credit file report. If you request a lift of the credit freeze online or by phone, then the credit reporting agency must lift the freeze within one (1) hour. If you request a credit freeze or lift of a credit freeze by mail, then the credit agency must place or lift the credit freeze no later than three (3) business days after getting your request. More information regarding credit freezes can be obtained from the FTC and the major consumer reporting agencies.
Fraud Alerts
You also have the right to place an initial or extended fraud alert on your file at no cost. An initial fraud alert will stay on your credit file one (1) year. The alert informs creditors of possible fraudulent activity within your report and requires the creditor to verify your identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years. Should you wish to place a fraud alert, please contact any one of the three major consumer reporting agencies listed above. The agency you contact will then contact the other two. More information regarding fraud alerts can be obtained from the FTC and the major consumer reporting agencies.
Monitor Your Personal Health Information
If applicable to your situation, we recommend that you regularly review the explanation of benefits statement that you receive from your insurer. If you see any service that you believe you did not receive, please contact your insurer at the number on the statement. If you do not receive the regular explanation of benefits statements, contact your provider and request them to send such statements following the provision of services in your name or number. You may want to order copies of your credit reports and check for any bills that you do not recognize. If you find anything suspicious, call the credit reporting agency at the phone number on the report. Keep a copy of this notice for your records in case of future problems with your records.
Additional Resources and Information
You can obtain additional information and further educate yourself regarding identity theft and the steps you can take to protect yourself by contacting your state attorney general or the FTC. The FTC’s contact information and website for additional information is:
The Federal Trade Commission
600 Pennsylvania Avenue, NW Washington, DC 20580 1-877-ID-THEFT (1-877-438-4338) TTY: 1-866-653-4261 www.ftc.gov/idtheft
For Virginia residents: You may contact the Virginia Attorney General’s Office at 202 North Ninth Street, Richmond, VA 23219; 1-804-786-2071; or https://www.oag.state.va.us/contact-us/contact-info.
For Connecticut residents: You may contact the Connecticut Office of the Attorney General at 165 Capitol Avenue, Hartford, CT 06106; 1-860-808-5318; or https://portal.ct.gov/ag.
For District of Columbia residents: You may contact the Office of the Attorney General for the District of Columbia at 400 6th Street, NW, Washington, DC 20001; 1-202-727-3400; or https://oag.dc.gov/consumer-protection/consumer-alert-online-privacy.
For Iowa residents: You may contact law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity theft. The Iowa Attorney General’s Office can be reached at 1305 E. Walnut Street, Des Moines, IA 50319; 15152815164; or www.iowaattorneygeneral.gov.
For Maryland residents: You may contact the Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202; 410-576-6300; 1-888-743-0023 (toll free), or https://www.marylandattorneygeneral.gov/Pages/contactus.aspx.
For Massachusetts residents: You may contact the Office of the Massachusetts Attorney General at 1 Ashburton Place, Boston, MA 02108; 1-617-727-8400; or https://www.mass.gov/orgs/office-of-the-attorney-general. You have the right to obtain a police report if you are a victim of identity theft.
For New Mexico residents: You have rights under the federal Fair Credit Reporting Act (“FCRA”). These include, among others, the right to know what is in your credit file; to dispute incomplete or inaccurate information; and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For more information about the FCRA, please visit https://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf or ww.ftc.gov.
For New York residents: The Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; or https://ag.ny.gov/. You may also contact the Bureau of Internet and Technology (BIT) at 28 Liberty Street, New York, NY 10005; 2124168433; or https://ag.ny.gov/about/about-office/economic-justice-division#internet-technology.
For North Carolina residents: The North Carolina Attorney General’s Office may be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; 919-716-6400; or https://ncdoj.gov/contact-doj/.
For Oregon residents: We encourage you to report suspected identity theft to the Oregon Attorney General at 1162 Court Street NE, Salem, OR 97301; 18778779392; 15033784400; or www.doj.state.or.us.
For Rhode Island residents: You may contact the Rhode Island Office of the Attorney General at 150 South Main Street, Providence, RI 02903; 1-401-274-4400; or https://riag.ri.gov/. You have the right to obtain a police report if you are a victim of identity theft. No Rhode Island residents were impacted by this breach.