BRANDYWINE OPERATING PARTNERSHIP, L.P. - ()
Date
Filing
8-K/A Filing Date: May 28, 2024
Item 1.05 Material Cybersecurity Incidents
As disclosed in the Original Report, on May 1, 2024, the Company detected unauthorized occurrences by a third party on portions of the Company’s information technology (“IT”) systems. Upon detecting the unauthorized occurrences, the Company promptly initiated its previously established response protocols and began taking steps to contain, assess and remediate the cybersecurity incident, including beginning an investigation with leading external cybersecurity experts, activating its incident response plan, shutting down portions of the IT systems and notifying law enforcement.
The detected occurrences consisted of the third party’s unauthorized access to, and deployment of encryption to, a portion of the Company’s internal corporate IT systems and the exfiltration of certain files, including files containing personal information. The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems. The Company’s real estate operations have continued throughout the period since the detection of the cybersecurity incident in all material respects.
As a result of the Company’s remediation and other activities, as of the date this Amendment, the Company believes that (i) the third party has been removed from the Company’s IT systems, (ii) the Company’s access to the affected information has been restored and (iii) the procedures performed have confirmed the completeness and integrity of the impacted information.
The Company’s investigation of the cybersecurity incident, including the Company’s assessment of the scope of personal information included in the exfiltrated information, remains ongoing. The Company intends to provide required notifications to affected and potentially affected parties and to regulatory agencies.
As part of its remediation activities, the Company is evaluating additional procedures and software to strengthen its surveillance of cybersecurity threats and to prevent unauthorized occurrences on or conducted through its IT systems and to strengthen its information backup systems. The Company currently expects that a substantial portion of its direct costs incurred
relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries. As of the date of this Amendment, the cybersecurity incident has not had a material impact on the Company’s financial condition or results of operations, and the Company does not believe the cybersecurity incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
Cautionary Statement Regarding Forward-Looking Statements
The Company has made statements in this Amendment that are forward-looking and therefore are subject to risks and uncertainties. All statements in this document other than statements of historical fact are, or could be, “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “expect,” “intend,” “estimate,” “anticipate,” “believe,” “should,” “forecast,” “project” or “plan” and terms of similar meaning are also generally intended to identify forward-looking statements. However, the absence of these words does not mean that a statement is not forward-looking. All statements regarding the impact or expected impact of the cybersecurity incident are forward-looking statements. The Company cautions that these statements are subject to numerous important risks, uncertainties, assumptions and other factors, some of which are beyond its control, that could cause its actual results to differ materially from those expressed or implied by such forward-looking statements, including, among others: additional information regarding the extent of the cybersecurity incident that the Company may uncover during its ongoing investigation; the compromise or improper use of sensitive, proprietary, confidential financial, or personal data or information resulting in negative consequences such as fines, penalties, or loss of reputation, including in ways that adversely impact the Company’s competitiveness in attracting and retaining tenants; incremental expenses associated with the Company’s on-going
investigation and remediation of the cybersecurity incident; the nature and scope of any claims, litigation or regulatory proceedings that may be brought against the Company as a result of the cybersecurity incident; the availability of insurance coverage; other legal, reputational and financial risks resulting from this or other cybersecurity incidents and the potential impact of this cybersecurity incident on the Company’s revenues, operating expenses, and operating results; and the other factors set forth in in the Company’s Annual Report on Form 10-K
for the 2023 fiscal year filed with the SEC on February 22, 2024, which is available at www.sec.gov and www.brandywinerealty.com under the “Investors Relations—Financial Information” tab. Shareholders, potential investors and others should consider these factors in evaluating the forward-looking statements and should not place undue reliance on such statements. The forward-looking statements included in this Amendment are made only as of the date of this Amendment, unless otherwise specified, and, except as required by law, the Company assumes no obligation, and disclaims any obligation, to update such statements to reflect events or circumstances occurring after the date of this Amendment.
8-K Filing Date: May 07, 2024
processing