Banks drop LandMark White valuations after data breach

Banks drop LandMark White valuations after data breach
Staff reporterDecember 7, 2020

The fallout from a data breach at the listed valuation company LandMark White has seen National Australia Bank suspending its use of the firm, joining Commonwealth Bank and ANZ.

"We are not in a position to say how many individuals are likely at risk as a result of the incident at this point although this remains under close review," LMW advised yesterday.

Up to 100,000 customers, according to Nine Entertainment, had personal information including property valuations, phone numbers and dates of birth leaked as part of the data breach at LandMark White.

ANZ’s chief data officer, Emma Gray, said it involved a very small percentage of its customers who had valuations undertaken between November 2015 and December 2018 who are potentially impacted.

“As a result of this incident ANZ has currently suspended use of the services of the valuation provider at the centre of the investigations."

LandMark White's share price is down slightly from 44 cents to 42 cents since the ASX listed company revealed the breach.

LandMark White is one of the biggest valuation firms used by banks and lenders for assessing mortgage applications. 

LMW chairman Keith Perrett said the group had been communicating constantly with its business partners in the face of a complex attack on the business.

''We are very pleased to hear from our external advisors that the breach was isolated to a single system, that the source of the disclosure had been closed, and that there is no ongoing suspicious activity across our network,'' Mr Perrett.

LandMark White have been working closely with the relevant government agencies, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

Before the breach, the group issued a 25 per cent downgrade in its profits for the first half to December 31, 2018, in late January, saying it had experienced a significant reduction in valuation instructions from the first-tier lenders.

It was February 5 when LandMark White Limited became aware that a dataset containing property valuation and personal contact information had been disclosed.

"We take the privacy and security of our data very seriously, and we are working closely with cyber security consultants to investigate the circumstances of the disclosure of the dataset," LMW told the ASX.

LMW became aware through one if its corporate partners, CoreLogic.

"We have taken immediate steps to secure what we believe to be the source of the disclosure to prevent any further disclosure of data.

"Currently there is no evidence of misuse of any information although this remains under close review."

Property valuer LandMark White Limited has blamed an exposed API for the leak of a dataset that included property valuation details and contact information of a range of individuals held by the company.

The security vulnerability responsible for the breach — “an exposed programming interface on one of our valuation platforms” — was closed on 23 January, according to the company.

“At that point, we were not aware that there had been any data disclosure,” an update released today for people affected by the breach states.

“Having since become aware of the disclosure on 4 February 2019, we have worked to confirm that the data disclosure relates to the vulnerability which had been previously secured.”

Founded in 1982 and listed on the Australian Stock Exchange in 2003, LMW has a long and proud heritage of providing independent professional property services to people and companies across Australia.

LMW has over 400 property professionals across 40 plus locations Australia wide.

Editor's Picks