An ASX-listed property valuation firm has suffered a data breach, and banks industry-wide are scrambling to find which home loan customers are affected.
LandMark White Limited last week announced to the ASX that it had suffered a breach that saw personal contact information and property valuation data exposed.
Real estate research firm CoreLogic, one of LandMark’s corporate partners, on February 4 notified the real estate valuer of the breach.
“We understand that the dataset contained property valuation and some personal contact information of borrowers, lenders, homeowners, residents, and property agents, including first and last name, residential address, and contact numbers,” stated LandMark.
“The dataset also includes commentary about the property, relevant to its overall valuation.”
All major banks affected
All four major banks, as well as numerous smaller players, use LandMark for valuing property for loan applications.
While Fairfax Media reported the incident affected 100,000 home loan customers, LandMark is not yet publicly disclosing how many people could have been exposed.
A Commonwealth Bank spokesperson told Yahoo Finance that the company has suspended using LandMark while it investigates how this breach occurred.
“CBA Group is contacting all affected customers to advise of the proactive steps the bank has taken in response to this incident, which includes heightened monitoring of their accounts,” the spokesperson said.
Westpac is also investigating.
“Our immediate priority is to contact customers who may have been impacted,” a Westpac spokesperson told Yahoo Finance.
“At this stage, we understand that property valuation details and some personal information has been disclosed.”
ANZ chief data officer Emma Gray said that her bank has suspended LandMark’s services and is contacting affected customers.
“At this stage we understand a very small percentage of our customers who had valuations undertaken between November 2015 and December 2018 are potentially impacted,” she said.
“ANZ uses a range of property valuers and the organisation in question represents a very small portion of the valuations conducted.”
NAB told Yahoo Finance that it was “in the process of identifying NAB customers and taking the right steps to contact them directly”.
“We take the safety and protection of our customers’ information very seriously. Importantly, NAB’s systems remain secure,” said a spokesperson for the bank.
“We have currently suspended the use of LMW services while our investigation is ongoing.”
Who has the data?
LandMark stated that there is also “a small subset” of supporting documents for loans among the leaked data, such as property contracts, council rates notices and strata reports.
“We are reviewing these documents to understand their contents and assess the potential privacy implications,” the company said.
Currently there is “no evidence of misuse” of any of the breached data but LandMark stated that this is “under close review”.
The incident has been reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.