Rockrose Development
Data Breach Class Action Lawsuit

Posted: December 13, 2025 -- Attention, victims of the Rockrose Development data breach.

Abington Cole + Ellery is investigating the data breach recently announced by Rockrose Development.

Rockrose Development Data Breach Summary:

Approximately 47,000 individuals were affected by the Rockrose Development data breach, and breached data may include, but is not necessarily limited to: name, Social Security number, taxpayer identification number, driver’s license number, passport number, bank account and routing numbers, health insurance information, medical information, and online account credentials. As a result of the data breach, Rockrose Development is offering 24 months of free credit monitoring and/or identity theft protection services to some affected individuals.

If you are a victim of the Rockrose Development data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against Rockrose Development, please submit your information here to be considered:

An attorney-client relationship is not formed by submitting information through this website.

Rockrose Development Data Breach Details:

Rockrose Development L.L.C. publicly posted a “Notice of Data Security Incident” on December 12, 2025, stating it has been investigating a security incident involving unauthorized access to its systems. A filing published by the California Attorney General’s office lists the date of breach as July 4, 2025 (and the sample notification letter is dated December 12, 2025). In its notice, Rockrose says it engaged third-party experts, and that its investigation concluded that unauthorized individuals accessed certain systems and claimed they acquired confidential information stored there; Rockrose also says it took steps to secure systems and has added cybersecurity safeguards.

As described by Rockrose, the incident may have impacted people with ties to the company—specifically mentioning employees and residents of Rockrose properties as examples. Rockrose says the types of information that may have been involved can include a wide range of personally identifiable information such as names, Social Security numbers, taxpayer identification numbers, driver’s license and passport numbers, bank account and routing numbers, health insurance information, medical information, and online account credentials. In the notification letter format filed with the California AG, Rockrose also states it does not know with certainty whether any particular recipient’s information was impacted, but that the recipient was identified as someone whose information “may have been impacted.”

On “how it happened,” Rockrose’s public notice does not describe the initial intrusion method (for example, whether it began with phishing, stolen credentials, exploitation of a vulnerability, etc.). As part of its response, Rockrose says it is offering 24 months of Experian IdentityWorks (with an enrollment deadline of March 31, 2026) and encourages individuals to monitor accounts and use fraud-detection/identity restoration resources.

Additional information about the Rockrose Development data breach may be found here: Rockrose Development - Notice of Data Security Incident. The Rockrose Development Website may also have additional information about or provide periodic updates regarding the data breach.

About Rockrose Development:

Rockrose Development is a real estate development, ownership, and management firm with a long operating history in New York City and Washington, D.C. The company traces its roots to 1970, when it began with renovations of Greenwich Village brownstones and then expanded into larger-scale residential construction, rehabilitation, and office development.

Over the past five decades, Rockrose reports completing or repositioning roughly 70 major projects and scaling to a portfolio that includes about 15,000 residential units, nearly 6 million square feet of office/commercial space, and more than 1 million square feet of retail space (over 21 million square feet in total). Its holdings and developments span multiple New York neighborhoods—including areas like the West Village, the Financial District, and Long Island City—as well as a meaningful commercial presence in Washington, D.C.

Rockrose describes its approach as long-term and hands-on, emphasizing careful project selection, rigorous planning, durable design and construction, and intensive ongoing property management rather than quick turnover. The firm also highlights a focus on mixed-use elements—particularly retail that fits local neighborhood demand—and points to a track record that has received public-sector and design recognition in some cases. Recent activity described by the company includes acquiring stakes and repositioning office assets (for example, a NoMad office building transaction and planned redevelopment work publicized in 2022), illustrating that its work includes both new development and major upgrades to existing properties.

Additional Information:

California Attorney General Submitted Breach Notification Sample

California Attorney General Submitted Breach Notification Sample PDF

Rockrose Development Data Breach Notification (Maine)

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the Rockrose Development data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Rockrose Development or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.