Landmark White valuation data available on dark web forum after data breach

Landmark White valuation data available on dark web forum after data breach
Jonathan ChancellorDecember 7, 2020

Landmark White has advised its investigations reveal that an unknown third party posted an illegally downloaded valuation dataset on a dark web forum for 10 days in late January 2019.

Its advisory came a day after it sought the suspension of its ASX-listed shares after some of the big four banks indicated they had stopped using LMW valuations.

"An unknown criminal has maliciously accessed a LandMark White’s system," it advised.

"We do not know the identity of the individual," it added.

Its investigations reveal that the dataset contained:

  • approximately 137,500 unique valuation records, and approximately 1,680 supporting documents.
  • approximately 250,000 individual records in total but a lot of records are duplicates.
  • The date of the documents range between approximately 4 January 2011 and 20 January 2019.

"We can now share that on 30 December 2018, we received a message through the 'Live Chat' messaging service on our website, providing us with a link to the dark web. 

"As part of our standard operating procedure, we investigated this and as we could not access the dark web link provided, at that time this was discounted as spam."

On 10 January 2019, the LMW team received an email from the Australian Cyber Security Centre alerting LMW to a vulnerability. 

The breached valuation data has since been taken offline as at 10 February 2019.

"We do not know how many people accessed the dataset throughout the approximately 10 days that it was available on the dark web."

The dark web details are advised in its incident update as at 15 February recommending that all potentially impacted individuals remain vigilant against a potential risk of receiving phishing and other spam communications from organisations purporting to be LandMark White or one of our lending clients.

"Although LandMark White is one of the victims of this cybercrime, we take responsibility for this incident and deeply and sincerely regret that this incident has occurred," the company advised.

"We remain committed to achieving the best possible outcome for all parties that may be impacted, and we are focused on supporting our partners and their customers in the wake of this incident."

LMW is an Australian property valuation and consultancy firm which was founded in 1982 and listed on the Australian Stock Exchange in 2003, employing 450 staff across Australia.

On 23 January 2019, LMW closed off a security vulnerability identified in one of its valuation platforms.

"We have engaged leading privacy, digital forensic and cyber security consultants who have confirmed that the data disclosure relates to the vulnerability which had been secured. We can confirm that the disclosed dataset does not include loan application, date of birth, or other sensitive information."

The dataset contained property valuation and some personal contact information of borrowers, lenders, homeowners, residents, and property agents. 

There was also a small subset of supporting documents relevant to the valuation assessment contained in the dataset, such as contracts for the sale of land, council rates, and strata reports.

There was no evidence of misuse of any personal information, although LMW advise it will continue to closely monitor for this together with industry partners. 

LMW confirmed that no loan application details, including financial and identity documents, are contained within the dataset.

"We can also confirm that no date of birth records, personal bank account details, payment or credit card details, username and password or other credentials, or other sensitive information exists in the dataset.

Independent security consultants have confirmed that the data was accessed via an exposed programming interface on one of LMW's valuation platforms.

"We had already taken steps in January 2019 to block direct access to this interface to prevent any ongoing data disclosure, and it is no longer directly accessible from the internet."

LandMark White advised it was adopting a "very cautionary position" and assuming that a subset of its valuation requests received by LandMark White during the period 4 January 2011 and 23 January 2019 may potentially be at risk. 


Jonathan Chancellor

Jonathan Chancellor is one of Australia's most respected property journalists, having been at the top of the game since the early 1980s. Jonathan co-founded the property industry website Property Observer and has written for national and international publications.

Editor's Picks