Rockrose Development over the weekend confirmed it notified 47,392 people of a July 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Taxpayer identification numbers
- Driver’s license numbers
- Passport numbers
- Financial account and routing numbers
- Health insurance info
- Medical info
- Online account credentials of residents and employees
A ransomware gang called Play took credit for the breach shortly after it occurred. Play says it stole documents related to clients, budget, payroll, accounting, and taxes, as well as IDs, financial information, and more from Rockrose.
Rockrose has not verified Play’s claim. We do not know if Rockrose paid a ransom, how much Play demanded, or how attackers breached Rockrose’s network. Comparitech contacted Rockrose for comment and will update this article if it replies.
“Rockrose determined that unauthorized individuals accessed Rockrose’s systems and claim to have acquired confidential information stored in certain of those systems,” says Rockrose’s notice to victims.
The company is offering eligible victims 24 months of free identity protection through Experian. The deadline to enroll is March 31, 2026.
Who is Play?
Play is a ransomware group that has targeted organizations in healthcare finance, manufacturing, real estate, education, and more since June 2022. Its double-extortion model forces targets to pay a ransom both for a decryption key to restore infected systems and to not sell or publicly release stolen data.
In 2025 to date, Play has claimed responsibility for 41 confirmed ransomware attacks, plus 339 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
Rockrose isn’t the first construction company targeted by Play this year. The ransomware group also took credit for these attacks:
- Rock Solid Stabilization & Reclamation notified 1,018 people of a February data breach
- Gorham Sand & Gravel notified 666 people of an April 2025 data breach
- Thomas Safran & Associates reported a September 2025 data breach
- All States Materials group notified 3,268 people of an August 2025 data breach
Ransomware attacks on US construction and real estate
Comparitech researchers have logged 12 confirmed attacks on construction companies and real estate developers to date in 2025, compromising 69,513 records. The attack on Rockrose accounts for the majority of those records and is the largest such attack since we began tracking in 2018.
Other recent ransomware attacks on construction companies and real estate developers include:
- Abhe & Svoboda notified 193 people of a September 2025 data breach claimed by Akira
- Barr & Barr notified more than 900 people of a September 2025 data breach also claimed by Akira
Ransomware attacks on US construction companies can lock down computer systems and steal data. Companies must then either pay a ransom or face extended downtime, data loss, and putting customers at increased risk of fraud. Ransomware can disrupt communication systems, access to files, ordering, billing, payroll, websites, and other critical operations.
About Rockrose Development
Founded in 1970, Rockrose has acquired, developed, or repositioned about 15,000 residential apartments in New York and Washington, DC, plus nearly 6 million square feet of office space, according to the company’s website.
