Foxtons customer data leaked onto the dark web

The company has been accused of "failing" to inform customers after becoming aware of data leak last month

Financial details belonging to customers of UK estate agency Foxtons are widely available on the dark web following a malware attack in October last year that affected parent company Foxtons Group.

Despite admitting that the incident affected its subsidiary Alexander Hall, which specialises in mortgage broking, Foxtons assured its customers at the time that no “sensitive data” had been stolen.

However, it has now been revealed that anyone with access to the dark web can view 16,000 card details, addresses and private correspondence - such as details of paid fees - belonging to Foxtons Group customers prior to 2010.

The personal information has been available since at least 12 October 2020, inews reports, two days after the malware attack took place. Since then, the files have been viewed over 15,000 times.

The company is accused of having knowledge of the availability of the data since last month and of failing to inform its customers, particularly those affected by the breach.

According to its website, the estate agency holds “over three million customer records”.

Ray Walsh, digital privacy expert at ProPrivacy, told IT Pro that it’s unsurprising that “sensitive consumer data stolen from Foxtons Group last October is floating around the dark web”.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

“This is, after all, the point of these types of hacks,” he added. 

Walsh noted that around 20% of the analysed cards details stolen in the attack are still active, “meaning that those consumers need to be informed now so that they can cancel their cards, and check back through their statements for any irregularity”.  

“If Foxtons knew the full scale of this breach two days after the attack – and did nothing to warn consumers – it would be an astonishing dereliction of duty, but we must now wait for the ICO investigation to assess what happened and what kind of fines Foxton should face,” he said.

Foxtons reportedly informed the Information Commissioner’s Office (ICO) of the attack last year, but Walsh believes that “it is likely a fine will be imminent”. 

“Some of the data that has been unearthed on the dark web predates 2010, and the hacker has suggested that the older information is being used to advertise the hack while selling more up-to-date records in secret. If this is true the risk to consumers is even bigger and it is vital that Foxtons immediately contact all customers potentially caught up in this mess,” he added.

However, a Foxtons spokesperson told IT Pro that the company had "forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers".

"All necessary disclosures have been made and full details of the attack were provided to the FCA and ICO at the time. We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response," they added.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

How to use machine learning and AI in cyber security
Security

How to use machine learning and AI in cyber security

30 Jul 2021
Chipotle’s marketing email hacked to send phishing emails
phishing

Chipotle’s marketing email hacked to send phishing emails

29 Jul 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

29 Jul 2021
Colonial Pipeline hack spurred copycat attacks on other oil and gas companies
hacking

Colonial Pipeline hack spurred copycat attacks on other oil and gas companies

29 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021