Foxtons has been hit by an online hack attack, but insists that it did not result in the personal details of thousands of customers, including landlords, being compromised, which meant that there was no need to notify customers that their data may be at risk.
The estate agency suffered a breach to its systems that forced it to shut its MyFoxtons customer portal last Friday, an incident which the London-based firm reported to the Information Commissioner’s Office and the National Cyber Crime Agency.
However, the company contacted EYE this morning to make it clear that there was no requirement to write to customers of its online service to warn them of the data breach, as no personal details, including email addresses, usernames and passwords, were accessed by the online hacker.
A spokesman said: “Foxtons has been subject to a limited malware virus on a small part of the business. It appears many other businesses and organisations have been affected and this was not a targeted attack on Foxtons.
“We have effective systems in place and took quick action to contain the incident and minimise disruption to our customers. Current investigations reveal no sensitive data has been compromised.”
Despite Foxtons confirming that no “sensitive data” had been stolen, some customers have expressed anger at the firm’s failure to inform them of the breach and said Foxtons had instead told them its systems were undergoing an upgrade.
One customer told the i newspaper: “I am concerned whether data has been stolen. It’s scandalous there was a hack and they just kept quiet about it.”
In 2013, the group was forced to investigate whether hackers had stolen the details of almost 10,000 property hunters following an anonymous leak on a hacking website.
The company at the time did write to customers of its online service MyFoxtons to warn them of the data breach.
We are seeing more frequency of claims relating to cyber attacks than anything else, yet less than 5% of our property professionals we look after take out comprehensive cyber liability. It’s not if it when.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
At least they’ve come clean and it’s up to them now to prove that client data wasn’t lost and I hope they are challenged to do that as they’ve done their job by reporting it to the ICO and they made a statement but who determines what has been lost? This has to be checked.
Something similar happened when a mega tenant referencing provider representing the largest names in lettings was very recently hacked and a massive amount of client data was taken. Tens of thousands of records were lost but was that reported to the agents? Then it comes down to who has suffered a loss as they have thousands of agents but the client isn’t just the agent and the records were extracted for tens of thousands of people who were referenced by them. Maybe keeping these things quiet works and plausible deniability satisfies any questions through the client team but personal data is all of us potentially at risk and t’s impossible to keep a lid on things like this and this is already known in the referencing industry even if it is convenient to certain parties that it is kept quiet. It won’t go away as in a profession there in no honor among thieves and we must at all times be ethical in our dealings and fully disclose our mistakes or people must whistleblow on us, and we must ensure we spend the money on security as Oliver is right that this is on the increase.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register