LandMark White probes fresh data breach
Four months after its CEO stepped down over a cyber attack, valuer LandMark White has suffered another big data breach.
Listed valuation company LandMark White has suffered another data breach.
On Thursday the company warned stakeholders that a batch of sensitive commercial data had been posted online, confirmed the news first published by The Australian that a batch of documents had been posted on US-based document sharing site SCRIBD.
According to LandMark, SCRIBD had started taking documents offline. All of the data would be completely removed within the next 48 hours, it said.
In a statement to the ASX released after market closed, LandMark said that the data breach was not IT-related. The nature of the information contained in the stolen documents couldn’t be classified as a notifiable data breach under the Privacy Act, it said.
“With the assistance of our legal advisors and based on our initial review of the documents posted, we do not believe that this constitutes a notifiable data breach for the purposes of the Privacy Act 1988 and the Notifiable Data Breaches Scheme as there is limited private information contained in the documents,” it said.
“Notwithstanding this assessment, we have updated the Office of the Australian Information Commissioner of the disclosure and undertaken to keep it updated.”
In a letter seen by The Australian that was sent to stakeholders prior to the official statement, LandMark said the documents mostly comprised PDF valuation documents and other “operationally-related commercial documents of LMW”.
The latest data breach comes as LandMark looks to recover from a serious cyber intrusion in January, in which 137,500 valuation records were stolen by hackers. The stolen data subsequently twice made it way to the dark web, where hacker communities trade stolen information and hacking technology.
The company was suspended from the ASX in February and was reinstated on May 7.
According to LandMark, the documents posted on SCRIBD had not been stolen via a cyberattack.
“These documents do not appear to have been taken from LMW through an IT related security breach,” it said in its letter.
The theft “may be the deliberate work of an individual known to the LMW business”, it said.
“We are treating this very seriously and will work with law enforcement and government agencies, as necessary to confirm the circumstances of the activity.”
The company also stressed that its cyber defences had been significantly improved since the first data breach and that the “best interests of affected individuals remain protected”.
“Where possible we have been working with our external advisors and the Australian Cyber Security Centre to take materials offline,” it said.
The type of attack described by LandMark, commonly referred to as “Insider Attacks, is a big problem in the information security world. A recent report from US telco Verizon’s cybersecurity division said 20 per cent of cybersecurity incidents and 15 per cent of the data breaches originate from people inside the organisations affected.
According to Verizon, financial gain (47.8 per cent) and pure fun (23.4 per cent) were the top motivators for such attacks.
LandMark declined to comment on the issue when contacted by The Australian.
The company has already had to pay a heavy price for the first data breach, pegging the financial cost of the incident at around $7 million.
The cost was based on the work it lost from a number of clients and the big banks suspending the use of LandMark as an independent valuer for home loan assessments.
It also claimed the scalp of former LandMark CEO Chris Coonan, who resigned in the wake of the scandal, and two board members.
At the time, the company said it had engaged external cyber security and privacy experts to help it understand the incident’s impact and also received an independent risk assessment for its own customers.
More Coverage
End of an error: What happened in Whyalla
On a dramatic day for the town of Whyalla, our reporter explains what happened.
Why Goodman’s AI pivot has a big message for investors
The veteran property investor is replaying the strategy that turned a small commercial property trust into a $70bn industrial powerhouse.