Foxtons Group data breach: Hackers selling stolen data on the dark web

I’m moving house soon. Fortunately we’re not registered with Foxtons who are not exactly covering themselves with glory in the way they’re handling this breach…:

British estate agency Foxtons Group suffered a major data breach in October last year, enabling hackers to steal vast amounts of personal and financial information before uploading them on dark web forums.

The massive data breach forced the Foxtons Group to temporarity shut down its customer portal, MyFoxtons. While Foxtons claimed that no sensitive data was compromised as a result of the attack, its employees were reportedly unable to access customer and landlord contact details on company systems. The agency later confirmed that Alexander Hall, its mortgage broking business, was affected by the data breach.

“Foxtons has been subject to a limited malware virus on a small part of the business. It appears many other businesses and organisations have been affected and this was not a targeted attack on Foxtons. We have effective systems in place and took quick action to contain the incident and minimise disruption to our customers. Current investigations reveal no sensitive data has been compromised,” the group said.

“Some IT systems were affected for several days but were restored without significant disruption to customers. All necessary disclosures have been made and full details of the attack were provided to the FCA and ICO at the time. We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response,” it added.

Despite the agency’s claims, iNews reported that as per a recent investigation, more than 16,000 card details, addresses, and private messages, which were stolen from Foxtons’ systems, were uploaded on the dark web three months ago and have been viewed for more than 15,000 times.

The report revealed that the stolen data records were collected from customers prior to 2010 and almost 20% of the leaked debit cards with full card numbers and personal information are still active. The data was uploaded on the dark web just two days after Foxtons Group’s systems were targeted.

[…]

Original article