Cybersecurity and data privacy

We take data privacy and security seriously. We maintain policies and procedures designed to comply with applicable state and federal rules as well as employ the following measures:

Information security

Our technical defense layers provide multiple, redundant measures to help protect against vulnerabilities or if one security control fails. We have procured third-party programs and tools that provide or use, among other things, artificial intelligence, machine learning, computer network monitoring, firewall and intrusion detection and cloud service defenses.

Customer privacy

We do not sell our mailing or contact lists to unaffiliated third parties. KB Home may share customer email address and contact information with our selected service providers for home-related offers and other information that we believe may be of interest to our customers; however, customers are able to indicate on the guest information, registration card or other materials that they do not wish to be contacted.

Employee education and awareness activities

All KB employees are required to complete training on computer and data security, with extra training required for employees handling customer personal information. Additionally, monthly cybersecurity newsletters and phishing tests provide ongoing awareness and real-time training for all employees.

Email security

We retain a third-party provider for email security and protection services. Since email is a frequent entry point for cyber threats, we have implemented these additional security measures in an effort to provide greater threat protection.


Leadership oversight

Our Board of Directors, largely through its Audit and Compliance Committee, oversees cybersecurity risks and our evolving physical, electronic, and other protection strategies, and initiatives. Our senior information technology executives periodically update the committee on our cybersecurity practices and risks, most recently in October 2022.

Annual risk assessment

We perform an annual cybersecurity assessment based on the National Institute of Standards and Technology framework to identify potential areas of focus.