Embattled property valuation firm LandMark White has detailed a range of new security measures it has undertaken in the wake of two incidents involving the leak of customer data.
In March the ASX-listed company lost its CEO following a significant data breach involving hundreds of thousands of records earlier in 2019. In May LMW revealed that some of its internal documents had been posted on Scribd in what the firm believed to be the “deliberate work of an individual known to the LMW business”.
The company says it has suffered a blow to revenue in the region of $6-7 million from customers suspending their use of its valuation services, with insurance only covering a small part of the losses it incurred.
LMW said today that it also “incurred significant response and remediation costs and has subsequently invested heavily in enhancing its IT platforms, hardware and software security as well as privacy and data policies, training and data recovery plans”.
The company expects to return to profitable trading from Q2 in FY20.
For the year ended 30 June the company suffered a $15.1 million loss after tax from continuing operations, compared to a $4.1 million profit in the prior year. (LMW booked $12.3 million in impairment losses on its goodwill intangible assets.)
The company is seeking to raise $5.45 million to support an optimisation strategy, which includes streamlining its operations as well as a $400,000 investment in its IT infrastructure.
In March, LMW said it was working with experts from the Commonwealth Bank of Australia to boost its security.
LMW said today that it has “accelerated the roll-out of the new and advanced IT security infrastructure,” including implementing the Australian Cyber Security Centre’s ‘Essential Eight’ strategies and ISO 27001 certification.
Steps the company has taken in the aftermath of the data breaches include implementing domain whitelisting for data access, mandatory 2FA, preventing use of USB drives, and software tracking of files including real-time alerts. LMW also said it is “near completion” of 100 per cent encryption of electronic documents.