TSA
Company Details
Linkedin ID:
thomas-safran-&-associates
Website:
Employees number:
124
Number of followers:
2,468
NAICS:
None
Industry Type:
Homepage:
tsahousing.com
IP Addresses:
0
Company ID:
THO_2860003
Scan Status:
In-progress
Thomas Safran & Associates Company CyberSecurity Posture
tsahousing.com
Thomas Safran & Associates has developed over 6,000 units of luxury, affordable and mixed-use rental housing in Southern California. For over 40 years, we have specialized in developing and managing high-quality properties, many of which have won awards from prestigious organizations. We are committed to providing superior design, maintaining our properties to the highest standards, and enriching the lives of the people who reside in our buildings.
Thomas Safran & Associates A.I CyberSecurity Scoring
TSA Risk Score (AI oriented)Between 0 and 549
TSA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TSA Global Score (TPRM)XXXX
TSA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TSA Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Thomas Safran & Associates Data Breach Compromises SSNs & Names
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: On Sept. 8, 2025, Thomas Safran & Associates, a real estate development and management company based in Los Angeles, experienced a significant data breach involving unauthorized access to a confidential computer server. The cybersecurity event The breach was first identified when suspicious activity was detected on the company’s network. Immediate steps were taken to secure the environment, and outside computer forensic experts were engaged to assist with the investigation. Further analysis revealed that the breach was caused by a ransomware attack carried out by the PLAY ransomware group, who claimed responsibility on the dark web on Sept. 17, 2025. The group threatened to publish the stolen data within days, stating that they had obtained private and personal confidential data, client documents, budget, payroll, accounting, tax records, IDs and financial information. The investigation determined that the compromised documents included personally identifiable information (PII) such as names, dates of birth, addresses and Social Security numbers. The breach affected an undisclosed number of individuals, including residents and possibly employees, given the nature of the information stored on the targeted server. The incident was officially disclosed to the California Attorney General’s office on Nov. 24, 2025. Thomas Safran and Associates’ response In response to the breach, Thomas Safran & Associates took several immediate and ongoing actions to protect affected indivi
Thomas Safran & Associates Data Breach Lawsuit Investigation
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Thomas Safran and Associates data breach. If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation. About Thomas Safran and Associates Thomas Safran & Associates is a real estate development and management company based in Brentwood, Los Angeles. Since its founding in 1974, the company has focused on developing, owning, and managing affordable, luxury, and mixed-use rental housing throughout Southern California. The company is known for its commitment to affordable housing, having developed over 6,300 units, with the majority located in Los Angeles County. Thomas Safran & Associates also manages most of its properties, employs approximately 250 people, and has a significant number of new units under construction or in preconstruction. What Happened? On or around Sept. 8, 2025, Thomas Safran & Associates detected suspicious activity on its network. The company responded quickly by securing its systems and hiring outside forensic experts to investigate. It was determined that an unauthorized party accessed a server containing confidential information. According to public disclosures, the PLAY ransomware group claimed responsibility for the attack and threatened to publish stolen data, which may have included private and personal confidential data
TSA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TSA
Incidents vs Real Estate Industry Average (This Year)
Thomas Safran & Associates has 185.71% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Thomas Safran & Associates has 212.5% more incidents than the average of all companies with at least one recorded incident.
Incident Types TSA vs Real Estate Industry Avg (This Year)
Thomas Safran & Associates reported 2 incidents this year: 0 cyber attacks, 2 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — TSA (X = Date, Y = Severity)
TSA cyber incidents detection timeline including parent company and subsidiaries
TSA Company Subsidiaries
Thomas Safran & Associates has developed over 6,000 units of luxury, affordable and mixed-use rental housing in Southern California. For over 40 years, we have specialized in developing and managing high-quality properties, many of which have won awards from prestigious organizations. We are committed to providing superior design, maintaining our properties to the highest standards, and enriching the lives of the people who reside in our buildings.
Loading...
TSA Similar Companies
Colliers (NASDAQ, TSX: CIGI) is a leading diversified professional services and investment management company. With operations in 68 countries, our 19,000 enterprising professionals work collaboratively to provide expert real estate and investment advice to clients. For more than 29 years, our exper
SM Prime Holdings, Inc.
SM Prime Holdings, Inc. (SMPH) is one of the largest integrated property developers in Southeast Asia that offers innovative and sustainable lifestyle cities with the development of malls, residences, offices, hotels and convention centers. It is also the largest, in terms of asset, in the Philippin
SM Supermalls
The SM Group of companies stands today as an institution, a store, a mall, a bank, a home, a resort, a hotel, and a place to see and experience with the family. One of the core business areas of the SM Group is the Shopping Center Management Corporation, generally referred to as SM Supermalls. The
Shimao Group
Shimao Group has entered the real estate industry since 1989, After more than 30 years of development, the Group has made its layout in more than 100 core development cities across China, involving real estate, commercial, property management, hotel, theme entertainment and culture. Following the n
IWG is leading the workspace revolution. Our companies help more than 2.5 million people and their businesses to work more productively. We do so by providing a choice of professional, inspiring and collaborative workspaces, communities and services. Our customers are start-ups, small and medium-s
Founded in 1993, Greystar provides world-class service in the residential rental housing industry. Our innovative vertically integrated business model integrates the management, development and investment disciplines of the rental housing industry on international, regional and local levels. This un
City Developments Limited
City Developments Limited (CDL) is a leading global real estate company with a network spanning 163 locations in 29 countries and regions. Listed on the Singapore Exchange, the Group is one of the largest companies by market capitalisation. Its income-stable and geographically-diverse portfolio comp
Savills
Savills is a global real estate services provider with a network of more than 40,000 people in over 700 offices across the Americas, Europe, Asia Pacific, Africa and the Middle East. A FTSE 250 company (LON: SVS) headquartered in London, Savills advises corporate, institutional and private clients w
Empire Company Limited
Empire Company Limited (TSX: EMP.A) is a Canadian company headquartered in Stellarton, Nova Scotia. Empire’s key businesses are food retailing, through wholly-owned subsidiary Sobeys Inc., and related real estate. With approximately $30.5 billion in annual sales and $16.5 billion in assets, Empire C
.png)
TSA CyberSecurity News
December 03, 2025 04:27 PM
Thomas Safran & Associates Data Breach Compromises SSNs & Names
Data breach at Thomas Safran & Associates exposed personal info including SSNs and financial records.
December 03, 2025 04:27 PM
Thomas Safran & Associates Data Breach Lawsuit Investigation
If you were affected by the Thomas Safran & Associates data breach, you may be entitled to compensation.
November 26, 2025 07:47 PM
Thomas Safran & Associates Data Breach Investigation
Strauss Borrelli PLLC, a leading data breach law firm, is investigating Thomas Safran & Associates (“Thomas Safran”) regarding its recent...
October 27, 2025 07:00 AM
Affordable Housing Veterans Launch Development Firm
Three affordable housing industry executives have launched a new development and investment venture. Founders June Park, Tyler Monroe,...
August 28, 2025 07:00 AM
Affordable Housing Grows in Marina del Rey: Thatcher Yard celebrates grand opening of 98 units
On Thursday, Aug. 21, Thomas Safran & Associates (TSA) hosted the grand opening of Thatcher Yard, consisting of 98 affordable and supportive...
August 27, 2025 07:00 AM
Thatcher Yard affordable housing complex debuts in Venice
Just north of Marina del Rey in Venice, developer Thomas Safran & Associates has officially opened an affordable housing complex at the...
August 24, 2025 07:00 AM
Eight-Building Affordable Housing Community Opens in Marina del Rey
Half of the project's units are reserved for formerly homeless individuals. A new 98-unit affordable housing complex, Thatcher Yard,...
August 21, 2025 07:00 AM
Thomas Safran Unveils New Affordable Property in SoCal
The developer overcame significant opposition to the project. ... Thomas Safran & Associates has opened Thatcher Yard, an eight building, 98-unit...
May 09, 2025 07:00 AM
Affordable housing topped out at 3300 Washington Blvd. in Arlington Heights
At a ceremony last week, construction commenced for The Arlington, an affordable housing development on the former site of an oil drilling...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TSA CyberSecurity History Information
Official Website of Thomas Safran & Associates
The official website of Thomas Safran & Associates is http://www.tsahousing.com.
Thomas Safran & Associates’s AI-Generated Cybersecurity Score
According to Rankiteo, Thomas Safran & Associates’s AI-generated cybersecurity score is 522, reflecting their Critical security posture.
How many security badges does Thomas Safran & Associates’ have ?
According to Rankiteo, Thomas Safran & Associates currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Thomas Safran & Associates have SOC 2 Type 1 certification ?
According to Rankiteo, Thomas Safran & Associates is not certified under SOC 2 Type 1.
Does Thomas Safran & Associates have SOC 2 Type 2 certification ?
According to Rankiteo, Thomas Safran & Associates does not hold a SOC 2 Type 2 certification.
Does Thomas Safran & Associates comply with GDPR ?
According to Rankiteo, Thomas Safran & Associates is not listed as GDPR compliant.
Does Thomas Safran & Associates have PCI DSS certification ?
According to Rankiteo, Thomas Safran & Associates does not currently maintain PCI DSS compliance.
Does Thomas Safran & Associates comply with HIPAA ?
According to Rankiteo, Thomas Safran & Associates is not compliant with HIPAA regulations.
Does Thomas Safran & Associates have ISO 27001 certification ?
According to Rankiteo,Thomas Safran & Associates is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Thomas Safran & Associates
Thomas Safran & Associates operates primarily in the Real Estate industry.
Number of Employees at Thomas Safran & Associates
Thomas Safran & Associates employs approximately 124 people worldwide.
Subsidiaries Owned by Thomas Safran & Associates
Thomas Safran & Associates presently has no subsidiaries across any sectors.
Thomas Safran & Associates’s LinkedIn Followers
Thomas Safran & Associates’s official LinkedIn profile has approximately 2,468 followers.
NAICS Classification of Thomas Safran & Associates
Thomas Safran & Associates is classified under the NAICS code None, which corresponds to Others.
Thomas Safran & Associates’s Presence on Crunchbase
No, Thomas Safran & Associates does not have a profile on Crunchbase.
Thomas Safran & Associates’s Presence on LinkedIn
Yes, Thomas Safran & Associates maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/thomas-safran-&-associates.
Cybersecurity Incidents Involving Thomas Safran & Associates
As of December 03, 2025, Rankiteo reports that Thomas Safran & Associates has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Thomas Safran & Associates has an estimated 29,299 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Thomas Safran & Associates ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
Risk Information
cvss3
Base: 4.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Risk Information
cvss3
Base: 8.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=thomas-safran-&-associates' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
