Property valuation firm LandMark White says its decision to yesterday request the ASX pause trading of its shares came as it sought “clarity” around the impact of a data breach on its services.
It also revealed that confidential data related to property valuations was available on a “darkweb forum” for at least 10 days after the company closed the security hole that allowed it to be accessed. The forum post was made “on or about 11.57pm GMT, 31 January 2019” and the company believes that shutting down the vulnerability prompted the posting of the dataset.
The company earlier this month revealed that it had been alerted by a partner firm that “dataset containing property valuation and some personal contact information” had been exposed. LMW said the culprit was an “exposed programming interface” that it had shut down on 23 January. The company says it is not clear how many people accessed the data.
UK-based privacy advocate Gareth Llewellyn, who earlier this year revealed details of a privacy breach involving First National, in early January attempted to alert the firm to the issue.
The company has now revealed that in December it received a message through its online ‘live chat’ service about the breach, but was not able to access the link provided.
Then on 10 January it was notified of the breach by the Australian Cyber Security Centre but LMW said it was at that point “in the process of undertaking pre-planned systems upgrade work on the valuation platform the subject of the incident.”
It also acknowledged Llewellyn’s contact via Twitter but the company said its account was not monitored during the holiday period.
In an updated FAQ on the breach released today by LMW, the company said: “A large number of our clients have been incredibly supportive, fully understand the situation we face, and have continued the work flows in the face of this attack on our business. We thank them for their ongoing support during this difficult time.”
“It is important to work through this incident thoroughly with our corporate partners, financial institutions and affected customers, to re-establish trust in our organisation and to resume business activity as quickly as possible,” the company said. “We remain wholeheartedly committed to taking whatever steps are required to ensure that occurs.”