LandMark White faces fallout over second data breach

LandMark White says a “small number” of its clients have suspended their use of its property valuation services in the wake of a data breach.

Those customers include two of the four big banks, according to a Fairfax Media report.

However, LMW claimed that the majority of its customers “continue to work closely with LMW to understand the disclosure and any impact on their customers and LMW appreciates the way they are responding by supporting LMW, its employees and shareholders rather than acting in a way that ultimately rewards the criminal attempting to damage LMW’s reputation.”

LMW revealed details of the data breach late last week. The company said that an individual had posted internal documents to document sharing service Scribd.

The company today said it first became aware of the documents being posted on 29 May and took immediate action to request that Scribd remove them.

LMW said that based on its review, “very few of the documents had been viewed or downloaded by anyone prior to being removed (other than LMW’s internal and independent response team)”.

The majority of the documents were PDFs containing residential ‘short form’ valuations and had “very limited personal information recorded in them (limited to a name and address).”

“There are no bank account or identity details included in these documents,” an LMW statement released to the ASX said.

The firm said that its assessment was that the posting of the documents was not a notifiable breach under the Notifiable Data Breaches Scheme, but that it had informed the Office of the Australian Information Commissioner of the incident.

LMW said that the “nature of these documents” and the “the small number of non-valuation documents” uploaded to Scribd “clearly indicate that this is not a cyber-attack on LMW but rather the deliberate acts of a person known to LMW”.

“LMW suspects that this person has taken the documents from LMW via a manual process and is attempting to damage LMW’s brand and reputation,” the company said. “There is absolutely no indication that the person is attempting to derive personal gain from the disclosure.”

LMW said it was in contact with NSW Police over the incident.

The breach follows the revelation earlier this year that a security hole had enabled a third-party to obtain around 137,500 LMW valuation records and 1680 supporting documents.

Earlier this month the company said that that breach had cost it millions in lost revenue after major clients paused their use of its services. LMW also said it had incurred significant costs improving its security. The fallout from the breach ultimately saw the company’s CEO exit as LMW sought to repair its reputation.