Foxtons estate agency leaked thousands of customers’ financial records

Foxtons Group is under scrutiny for downplaying the severity of a cyber attack that has compromised the financial details of 16,000 customers.

The organisation was hit by malware in October, with criminal hackers forcing its web portal offline. At the time, it reported that the incident affected its mortgage broking business, Alexander Hall, and that no sensitive information had been stolen.

However, as iNews reports, the attackers were able to access a database containing sensitive personal details.

Alexander Hall reportedly informed Foxtons about this more than three weeks ago, but the estate agency failed to inform potential victims or the ICO (Information Commissioner’s Office).

Tip of the iceberg

Alexander Hall’s internal investigation revealed that criminal hackers obtained the card details, addresses and private correspondences (including details of fees paid) of customers who had used its service before 2010.

However, the criminal hackers say that the leaked data represents just one percent of the information they stole in the attack.

A cyber security expert told iNews the crooks could be using the pre-2010 details to advertise their theft while selling more recent and valuable data at a higher price.  

This suspicion was all but confirmed when the attackers posted the following warning on the dark web:

If you are a client who refused to conclude a contact and did not find information about yourself on our website or did not find some of your files, this does mean that we forgot about you, it only means that your information was sold and only therefore it did not appear in free access!

Nonetheless, Foxtons remains confident that the attack poses little risk. In a statement to Estate Agent Today, the organisation said:

“We have forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers.

“We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response.”

It remains to be seen whether their assessment is accurate. In the meantime, Foxtons and Alexander Hall customers should be on alert for fraud.

If you spot any suspicious payments on your account, you should contact your bank urgently.

The Weekly Round-up: subscribe now