Tenant Data Exposed in Berkeley Rent Registry Leak
In April 2025, a software update to the Berkeley Rent Stabilization Board’s Rent Registry inadvertently exposed renter information. The flaw went unnoticed until September 4, 2025, when Alex Forman, a 20-year-old UC Berkeley engineering student and city resident, discovered it and responsibly reported it. The Board’s vendor corrected the issue the following day.
The exposed data included:
- Tenant names
- Phone numbers
- Email addresses
- Section 8 subsidy status tied to unit addresses
The scope was significant — approximately 29,000 rental units and over 60,000 renters. While the Rent Board has stated it has no evidence that the information was misused, the breach lasted for more than four months.
Why tenants may be upset
The incident revealed something many renters hadn’t considered before: their personal details are collected by law and stored in the Rent Registry. Housing providers are required to submit this information each year for rent control compliance.
For tenants who didn’t realize their names, contact info, and subsidy status were being recorded, the news may feel doubly unsettling — first by the mandatory reporting itself, and then by the lack of protection around that data.
Why this matters for housing providers
Members may hear from tenants who are upset or mistrustful. Typical questions might include:
- “Why did you give my information to the Rent Board?”
- “Do you have a choice about sharing this data?”
- “How do I know this won’t happen again?”
Key points for members to understand:
- Registration is mandatory. The Rent Stabilization Ordinance requires landlords to submit tenant details. There is no opt-out.
- This was not a landlord mistake. The exposure came from the Rent Board’s system, not from housing providers.
- Data security is outside your control. Once submitted, the Rent Board and its vendor are responsible for protecting the information.
How to respond if tenants ask
- Acknowledge the concern. Tenants are right to feel unsettled. Recognizing their worry helps maintain trust.
- Explain the requirement. Clarify that Berkeley law mandates rent registration, and housing providers who fail to comply face penalties.
- Redirect appropriately. Security and privacy concerns should be directed to the Rent Board.
- Encourage caution. Remind tenants to be vigilant for phishing or suspicious messages that may exploit the incident.
The bigger picture
The Rent Registry is central to Berkeley’s rental system, and this incident highlights the dependence of both tenants and housing providers on its integrity. While BPOA will continue to monitor developments, members should be prepared to address tenant questions and understand their role: reporting is mandatory, but safeguarding the data is the responsibility of the Rent Board.