Data stolen from Foxtons leaked online by hackers

Foxtons has given an update on the recent cyber attack which saw personal details of thousands of customers held by the estate agency stolen and published online.

The financial details of thousands of customers held by Foxtons are being freely accessed on the so-called dark web, as reported by the i newspaper yesterday.

But a Foxtons spokesperson contacted Property Industry Eye this morning to make it clear that the stolen data posses no threat to affected customer.

He said: “We have forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers.”

Foxtons was hit by an online hack attack in October, but insisted at the time that it did not result in the personal details of thousands of customers, including landlords, being compromised, which meant that there was no need to notify customers that their data may be at risk.

The estate agency suffered a breach to its systems that forced it to shut its MyFoxtons customer portal on Friday 16th October 2020, an incident which the London-based firm reported to the Information Commissioner’s Office and the National Cyber Crime Agency.

The company also contacted EYE at the time to make it clear that there was no requirement to write to customers of its online service to warn them of the data breach, as no personal details, including email addresses, usernames and passwords, were accessed by the online hacker.

A spokesman told EYE: “Foxtons has been subject to a limited malware virus on a small part of the business. It appears many other businesses and organisations have been affected and this was not a targeted attack on Foxtons.

“We have effective systems in place and took quick action to contain the incident and minimise disruption to our customers. Current investigations reveal no sensitive data has been compromised.”

However, the i newspaper still claims that Foxtons was informed in January that financial and personal information was freely accessible on the dark web from an attack on ‘Foxtons Group plc.’ customers, and yet the firm did not take any action.

According to i, an investigation found that more than 16,000 card details, addresses and private correspondence, including details of fees paid, are freely accessible by potential fraudsters.

The files have, i reports, been viewed 15,073 times since being published online three months ago.

Foxtons hold “over three million customer records”, according to its website.

In a statement, Foxtons told i: “Alexander Hall, Foxtons’ mortgage broking business, was subject to a malware attack in October 2020 that affected a number of other organisations.

“Some IT systems were affected for several days but were restored without significant disruption to customers. All necessary disclosures have been made and full details of the attack were provided to the FCA and ICO at the time.

“We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response.”


Foxtons hit by cyber attack


Email the story to a friend

One Comment

  1. Charlie Lamdin

    If anyone is surprised by this, they shouldn’t be. And Foxtons’ cyber-security is better than most of the rest of the industry. The older CRM systems are rats in a barrel for cyber data thieves.


You must be logged in to report this comment!

Comments are closed.

Thank you for signing up to our newsletter, we have sent you an email asking you to confirm your subscription. Additionally if you would like to create a free EYE account which allows you to comment on news stories and manage your email subscriptions please enter a password below.