It has been reported today that thousands of customers’ financial details held by one of Britain’s biggest estate agents are being freely accessed on the dark web. Foxtons Group was victim to a malware attack in October last year when hackers targeted the company, with it closing down its web portal for home sellers, renters, and landlords. The company said that Alexander Hall, its mortgage broking business, was affected and that no “sensitive data” had been stolen. It reported itself to the Information Commissioner’s Office (ICO), the data watchdog. But when the firm was informed in January that financial and personal information was freely accessible on the dark web from an attack on ‘Foxtons Group plc.’ customers, it did not take any action.
<div class=\"gmail_attr\" dir=\"ltr\">It is not unusual for service-oriented organisations to store customer data. This might include names, contact details, personal and even financial data. These companies bear a big responsibility of keeping this data safe. It is not enough to just follow procedures and best practices, they need to go above and beyond to safeguard their customers\’ data. In the case of a breach, such as this, each and every customer affected should be contacted and made aware of the situation. These customers, be it private persons or partnering companies, can then take the appropriate actions to mitigate the effects of the breach. </div> <div> <p> </p> <p>Attackers can exploit private information for identity theft, scamming affected individuals. With more data on individuals, attackers can better mislead victims into falling for a phishing email, believing that they are a legitimate caller or to convince them to vouch or confirm a financial transaction. Therefore, it is critical that we take the following threat seriously: “If you are a client who refused to conclude a contact and did not find information about yourself on our website or did not find some of your files, this does mean that we forgot about you, it only means that your information was sold and only therefore it did not appear in free access!</p> </div>
<p>This is about as worrying as it gets. Identify and card fraud are big business for malicious actors and up-to-date card details belonging to those unaware of the breach are worth a huge amount on the black market. When the financial data leaked is connected to mortgages it can be that much more impactful, as the large amounts of money being exchanged create a more tempting and lucrative target for criminals. With this data having been viewed thousands of times on the dark web I would be highly surprised if there are people whose details feature on this compromised list who haven’t already been targeted. Those affected must urgently contact their banks and follow procedures to make sure they are protected from such inevitable attacks.</p>
<div>Unfortunately, in this case, Foxtons Group took the \"maybe if we ignore it and keep quiet, it will go away\" approach to their data breach. </div> <div> </div> <div> <p>Foxtons Group customers will want to invest in credit monitoring services, keep a close eye on all of their accounts, and stay alert for phishing emails, texts, and phone calls. Unfortunately, these customers have been exposed since last October, so in some cases, the damage may have already been done.</p> </div>
<p>The latest revelations about Foxton clearly look like a \’he said, she said\’ moment with a lot of finger-pointing. At the same time, it is a sobering reminder that cyber criminals are stealing sensitive data from consumers on a daily basis and yielding massive profits by selling the information on the dark web. To Foxton, I encourage more transparency and hope they will further come clean on what happened and disclose the preventive measures they are taking to tighten security and limit further exposure of sensitive information. It is clearly no laughing matter to Foxton\’s customers and they are looking for reassurance that their credit card numbers and other personal information aren\’t part of an extortion campaign against Foxton. My advice to Foxton\’s customers is to pay close attention to their bank statements and if anything looks suspicious to immediately contact their credit card company. They should also be offered free credit monitoring services for at least the next year by Foxton.</p>
<p>This is an example of what not to do when the victim of a cyber-attack. It appears the company at the centre of this breach just ticked the boxes in notifying the authorities that they were victim here, but either did not go any further in investigating the types of data stolen or kept the results of that investigation from their customers. Failure to notify its customers who may have been affected flies against best practices and ethics, and is an out-dated attitude that will affect the trust between customer and supplier.</p>