News
Easterly Government Properties data breach exposes Social Security numbers and tax data
BlogBreachesResourcesNews
Easterly Government Properties data breach exposes Social Security numbers and tax data

Easterly Government Properties data breach exposes Social Security numbers and tax data

Paul McCarthy
Paul McCarthy
June 16, 2026

Key facts: Easterly Government Properties data breach

  • Date reported: June 15, 2026
  • Target entity: Easterly Government Properties
  • Source of breach: Third-party security incident involving EY (Ernst & Young)
  • Data types: Names, physical mailing addresses, Social Security numbers, taxable income
  • Status: Confirmed; reported on June 15, 2026.
  • Severity: Medium; exposure of Social Security numbers and financial data increases the risk of identity theft and tax fraud.

What happened in the Easterly Government Properties data breach?

Easterly Government Properties (easterlyreit.com) experienced a data breach stemming from a third-party security incident at their professional tax services vendor, EY. The incident was officially reported on June 15, 2026. While the company itself was not the primary target of the breach, the unauthorized access to EY's systems allowed an unidentified party to acquire sensitive files related to Easterly Government Properties' records.

The breach resulted in the acquisition of personal information, including names, mailing addresses, Social Security numbers, and taxable income. This incident is classified as medium severity due to the sensitive nature of the financial and identification data involved. Such exposure typically increases the risk of identity theft and fraudulent tax filings. Easterly Government Properties has expressed regret regarding the incident and the inconvenience caused to affected individuals.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Easterly Government Properties investors and employees

The exposure of Social Security numbers and taxable income presents significant risks to affected individuals, particularly regarding identity theft and financial fraud. Malicious actors could use this information to open unauthorized credit accounts or file fraudulent tax returns to claim refunds. Additionally, the availability of physical addresses and names makes individuals more susceptible to targeted phishing attacks or physical mail scams.

Typical outcomes for this type of breach include a long-term risk of credential abuse and financial exploitation. Affected parties should immediately monitor their credit reports for suspicious activity, consider placing a credit freeze, and be vigilant for any unexpected communications from tax authorities. Transparency regarding the breach allows individuals to take necessary steps to protect their personal and financial well-being.

How to protect against similar security incidents

In light of the data breach at Easterly Government Properties involving Social Security numbers and tax information, individuals should take immediate steps to secure their financial identities.

  • Implement credit freezes and monitoring. Contact the major credit bureaus to place a freeze on your credit reports to prevent unauthorized accounts from being opened. Regularly review bank statements and credit reports for any transactions you do not recognize.
  • Protect against tax identity theft. Be alert for notifications from the IRS regarding duplicate tax filings or unexpected account activity. Consider applying for an IRS Identity Protection PIN (IP PIN) to ensure only you can file a tax return using your Social Security number.
  • Enhance account security. Enable multi-factor authentication (MFA) on all financial and personal accounts to provide an additional layer of protection. Use a password manager to generate and store complex, unique passwords for every online service.
  • Monitor third-party risk. Organizations should implement continuous monitoring of their third-party vendors to identify potential security gaps in the supply chain. Utilize attack surface management tools to maintain visibility over digital assets and identify vulnerabilities before they are exploited.

Taking proactive measures and maintaining high security hygiene are the most effective ways to mitigate the risks associated with identity theft.

Frequently asked questions

What happened in the Easterly Government Properties security breach?

On June 15, 2026, Easterly Government Properties (easterlyreit.com) disclosed a security breach. According to initial reports, a third-party security incident involving their professional tax services vendor, EY, resulted in the unauthorized acquisition of personal information including names, mailing addresses, Social Security numbers, and taxable income.

When did the Easterly Government Properties breach occur?

The Easterly Government Properties breach was publicly reported on June 15, 2026. The exact date of the attack has not been disclosed.

What data was exposed?

The types of data involved in the Easterly Government Properties incident include names, physical mailing addresses, Social Security numbers, and taxable income. This page will be updated as verified information becomes available.

Is my personal information at risk?

If you interacted with Easterly Government Properties, there's a possibility your personal information could be affected. Because this specific breach confirmed the exposure of Social Security numbers and taxable income, affected individuals face an immediate and direct risk of identity theft and tax fraud.

What steps should companies take after being breached?

Easterly Government Properties is expected to secure its systems, notify affected parties, and provide guidance on protective actions. The company may also review its third-party security measures and deploy attack surface management to prevent future incidents.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is Easterly Government Properties, Inc?

Easterly Government Properties, Inc. is a publicly traded real estate investment trust based in Washington, D.C., that utilizes easterlyreit.com as its official online platform to provide information regarding its acquisition, development, and management of Class A commercial properties leased primarily to U.S. Government agencies.
  • Check icon
    View our free preliminary report on Easterly Government Properties, Inc’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Easterly Government Properties, Inc's score
View score
https://easterlyreit.com/
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
American Express data breach: key facts and what we know so far

American Express data breach: key facts and what we know so far

A data breach involving American Express was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 11, 2026
The University of Western Australia data breach: what happened and what's at risk

The University of Western Australia data breach: what happened and what's at risk

A data breach involving The University of Western Australia was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 10, 2026
Council of Europe data breach: ShinyHunters claims theft of HR and payroll records

Council of Europe data breach: ShinyHunters claims theft of HR and payroll records

A data breach involving Council of Europe was reported in June 2026. See incident details, impact on staff, and recommended security measures.
UpGuard Team
UpGuard Team
June 15, 2026
Nintendo data breach: 859MB of employee data compromised by SHADOWBYT3$

Nintendo data breach: 859MB of employee data compromised by SHADOWBYT3$

A data breach involving Nintendo was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 16, 2026
Orthopaedic Specialists of Massachusetts data breach: key facts and what we know so far

Orthopaedic Specialists of Massachusetts data breach: key facts and what we know so far

A data breach involving Orthopaedic Specialists of Massachusetts was reported in June 2026. See incident details, impact on patients, and recommended security measures.
UpGuard Team
UpGuard Team
June 15, 2026
Bellflower Unified School District data breach: what happened and what's at risk

Bellflower Unified School District data breach: what happened and what's at risk

A data breach involving Bellflower Unified School District was reported in June 2026. See incident details, impact on customers, and security measures.
UpGuard Team
UpGuard Team
June 15, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating