AppFolio Data Breach Investigation 2025: What Property Managers Need to Know

Breaking: AppFolio Security Investigation Announced

On October 10, 2025, AppFolio publicly confirmed a cybersecurity incident involving unauthorized access to its systems. ¹ The breach reportedly began in August 2025 and included issues tied to Salesloft, its customer relationship management vendor. ²

The Texas Attorney General confirmed the data breach impacted at least 5,056 Texans. In addition, the company delayed notifying affected users until early October. Legal firms Strauss Borrelli PLLC and Schubert Jonckheer & Kolbe LLP are investigating possible liabilities.

Maine residents were also informed through a formal notification submitted to their Attorney General's office.

What Happened: Details of the AppFolio Data Breach

Hackers accessed AppFolio’s CRM system through Salesloft between August 8 and August 18, 2025. This security incident exposed sensitive information from hundreds of organizations tied to the real estate industry.

Records included names, Social Security numbers, dates of birth, and home addresses. The breach affected individuals across multiple states, including Maine residents.

AppFolio became aware of the unauthorized access on August 22, 2025. They reported the breach to Maine's Attorney General shortly after. On October 6, the company began sending notices about the compromised data to impacted users.

Affected individuals received detailed PDFs explaining what happened and next steps for protecting their private data from identity theft or fraud alert risks.

Which Customer Records Were Compromised?

The AppFolio data breach exposed highly sensitive information. Unauthorized parties accessed names, Social Security numbers, dates of birth, and addresses stored in the company’s CRM system.

These details belonged to property managers and their clients.

Maine residents received notices confirming the exposure of this personal information as part of the security incident. Texas officials reported that 5,056 residents’ records were compromised.

Risks include identity theft and privacy violations for anyone affected by this cybersecurity incident.

Legal Investigation and Potential Liability

Strauss Borrelli PLLC and Schubert Jonckheer & Kolbe LLP have launched investigations into AppFolio, Inc. They are examining whether delayed notifications about the data breach violate state or federal laws.

You may be entitled to monetary compensation if your personal information was exposed. Legal experts are also pushing for a court order that would require AppFolio to improve its cybersecurity measures.

This delay in informing affected individuals until October 6, 2025, could result in legal consequences for the company. If you were impacted by unauthorized access to sensitive information such as Social Security numbers or dates of birth, you might qualify for a class-action lawsuit.

Contact Strauss Borrelli at their Chicago office or Schubert Jonckheer & Kolbe in San Francisco today if you suspect your consumer rights were violated. Both law firms specialize in these types of cases and can provide guidance on how to proceed.

Immediate Steps for Current AppFolio Users

A data breach can expose sensitive information and put you at risk of identity theft. Taking immediate action helps minimize potential damage to your personal information.

1. Read the breach notice sent by AppFolio, Inc., and save a copy for your records. This document may contain details about what was compromised, including dates of birth or social security numbers.
2. Sign up for free credit monitoring services offered by AppFolio. These services help you detect unauthorized access to your credit file.
3. Update all account passwords tied to your property management platforms. Use strong combinations that include letters, numbers, and special characters.
4. Change security questions for online accounts linked to your real estate industry work. Avoid answers that could be guessed or found on public profiles.
5. Review bank account statements regularly for unusual transactions or charges. Report any unauthorized activity immediately to your financial institution.
6. Check your credit reports through agencies like Equifax, Experian, or TransUnion for suspicious activity or new accounts you don’t recognize.
7. Contact credit bureaus directly to place a temporary fraud alert on your credit file. This makes it harder for criminals to open accounts in your name without verification.
8. Follow consumer rights guidance from the Vermont Attorney General's Office if you live in Maine or other states with strong data privacy laws.
9. Stay updated on cybersecurity incident notifications from AppFolio regarding affected systems and future security improvements.
10. Consult an attorney if you're concerned about legal liability or considering joining a class action lawsuit related to this incident.

How This Compares to Other Property Management Software Breaches

Property management data breaches have grown in recent years. Comparing these incidents can help you understand where AppFolio's breach stands. ³

Comparing records shows varying breach sizes and impacts. While the AppFolio breach is still under investigation, cases like Schubert Jonckheer & Kolbe LLP involved tens of thousands of individuals. Other breaches, such as Blackburn College or Chimienti & Associates, highlight the widespread nature of corporate vulnerabilities. This comparison emphasizes the risks in property management software security. ³

Security Features AppFolio Should Have Had in Place

AppFolio, Inc. faced a cybersecurity incident due to weak protective measures, risking sensitive information like Social Security numbers. Stronger security features could have prevented unauthorized access.

1. Use Advanced Encryption Standard 256-bit (AES-256) for protecting sensitive customer data at rest and in transit. This is a best practice to prevent data breaches.
2. Enable multi-factor authentication (MFA) for all accounts to block unauthorized access, even if passwords are compromised.
3. Integrate continuous monitoring systems with real-time anomaly detection to catch potential threats before they escalate into full-scale breaches.
4. Apply Secure by Design principles during software development to ensure that security remains a foundational element throughout the platform's lifecycle.
5. Implement a Defense in Depth strategy by layering multiple security measures, making it harder for attackers to exploit vulnerabilities.
6. Restrict user access through role-based access controls (RBAC) to ensure employees only interact with data relevant to their roles.
7. Provide clients with education and training resources on data privacy and cybersecurity best practices to reduce human-related risks.
8. Build routine audit processes for identifying weaknesses in AppFolio's infrastructure and addressing them proactively.
9. Incorporate stronger identity verification protocols for users accessing sensitive personal information like dates of birth or Maine residents' records.
10. Improve compliance checks aligned with Federal Trade Commission guidelines to avoid potential liability while enhancing consumer rights protections.

Alternative Property Management Platforms to Consider

Finding a reliable property management platform is crucial after a cybersecurity incident. Explore secure alternatives to protect sensitive information and improve operations.

1. Consider platforms offering strong data security measures like encryption and multi-factor authentication. These features ensure better protection for personal information, such as Social Security numbers or dates of birth.
2. Look for software that complies with data privacy laws, especially if operating in states like Maine, where regulations are strict about unauthorized access to consumer records.
3. Choose a service with 24/7 monitoring and proactive threat detection systems. This can help prevent security incidents similar to the AppFolio breach.
4. Seek platforms with a detailed audit trail feature. This allows you to track who accessed customer records and when, ensuring transparency.
5. Evaluate vendors offering regular software updates and patches. This reduces vulnerability to cyberattacks by addressing potential loopholes promptly.
6. Review user reviews on cybersecurity performance in the real estate industry before committing. Positive feedback from property managers can signal trustworthy options.
7. Prioritize companies providing dedicated customer support during a security incident investigation or data breach recovery process.
8. Analyze trial versions of the platform whenever possible before shifting your business operations entirely to new software.

What to Ask AppFolio Before Continuing Service

You must ask the right questions before deciding to continue using AppFolio. This will help you protect your sensitive information and ensure better data privacy.

• Ask if they have identified how the unauthorized access occurred during the cybersecurity incident. Understanding this helps assess their corrective actions.
• Confirm whether personal information like Social Security numbers or dates of birth was accessed. If so, ask what steps they are taking to prevent future breaches.
• Request details on updated security protocols and tools they have implemented since the data breach. This demonstrates their commitment to protecting sensitive information.
• Ask if Maine residents or other affected users were personally notified about compromised customer records. Transparency is key to accountability.
• Inquire about any legal investigation related to potential liability for this security incident. This can impact your rights and continued trust in their services.
• Clarify if consumers now have access to identity theft protection or credit monitoring services as part of their response plan. These measures are crucial for mitigating risks after data breaches.
• Question how they compare with other property management software platforms on cybersecurity standards now. Competitors may offer features that AppFolio lacks.
• Find out what specific steps you, as a current user, need to follow immediately after this breach. Ensure you receive clear instructions for safeguarding your records moving forward.
• Verify whether they plan future updates to improve internal data protection practices in the real estate industry. Their plans should focus on prioritizing consumer rights and data privacy.
• Ask if independent audits will evaluate their systems regularly going forward. External reviews help ensure ongoing compliance with best practices in cybersecurity policies.

Our Updated Security Rating for AppFolio

AppFolio’s security rating has dropped due to the recent cybersecurity incident. The breach exposed sensitive information, such as social security numbers, dates of birth, and other personal data.

This issue highlights insufficient safeguards against unauthorized access and raises concerns about compliance with consumer rights laws.

The company’s inability to protect Maine residents' records reveals a shortcoming in its overall strategy for safeguarding sensitive information. Compared to competitors in the real estate industry, AppFolio now ranks lower in maintaining essential data protection standards.

FAQs

1. What happened in the AppFolio data breach investigation of 2025?

The AppFolio data breach involved unauthorized access to sensitive information, including personal details like dates of birth, affecting individuals in the real estate industry and Maine residents.

2. What type of personal information was exposed during this cybersecurity incident?

The security incident may have compromised sensitive information such as names, dates of birth, and other personal details stored by AppFolio, Inc.

3. Who is impacted by this data breach?

Property managers and others in the real estate industry who use AppFolio's services could be affected. Maine residents are also among those potentially impacted.

4. How can property managers respond to this security incident?

Property managers should review their systems for unauthorized access, strengthen cybersecurity measures, and inform affected parties about potential risks tied to their personal information being exposed.

References

1. ^ https://www.prnewswire.com/news-releases/privacy-alert-appfolio-inc-under-investigation-for-data-breach-of-records-302580626.html (2025-10-10)
2. ^ https://straussborrelli.com/2025/10/07/appfolio-data-breach-investigation/
3. ^ https://www.appfolio.com/blog/future-insights-what-property-managers-need-to-know-2025 (2025-01-22)
4. ^ https://www.appfolio.com/blog/appfolio-data-protection-for-property-managers