Personal and financial details of up to 100,000 bank customers have been accessed by a third-party, following a major security breach at a property valuation firm that is closely tied to all four of Australia’s biggest banks.
According to a report from The Sydney Morning Herald’s Carolyn Cummins, “the breach, which LandMark White first revealed late on Friday, could include property valuations and personal contact information of home owners, residents, and property agents, including first and last names, residential addresses and contact numbers.”
Earlier this week, ANZ and the Commonwealth Bank announced they were suspending LandMark White from their valuers’ panel, with NAB still assessing the situation; “Westpac did not respond by [the] deadline,” according to Cummins.
Chris Coonan, chief executive at LandMark White told the SMH that they were “working closely with experts in IT and cybersecurity as well as our corporate partners, to achieve the best possible outcome for our clients.”
“LandMark White acted immediately, employing independent exports in data breaches and cyber security to assist with the investigation into the incident.”
Mr Coonan says the company notified the relevant authorities in a time-sensitive manner, but added that the company is yet to confirm the severity of the data breach.
“Although LandMark White’s investigation is ongoing, we have taken immediate steps to prevent any further disclosure of data. Currently there is no evidence of misuse of any information.” Mr Coonan concluded.
The company has issued an official statement on the data breach, which can be accessed here. “On 23 January, 2019, we closed off a security vulnerability that we had identified in one of our valuation platforms. At that point, we were not aware that there had been any data disclosure. Having since become aware of the disclosure on 4 February, 2019, we have worked to confirm that the data disclosure relates to the vulnerability which had been previously secured.”
In response to news breaking of the data breach, the Commonwealth Bank released the following statement. “As part of the date incident, customer information relating to property valuations was found hidden on the internet,”
“The customer informational that was disclosed relates directly to the valuations completed by LandMark White and includes customer name; contact details such as phone or email address; and details about the valued property.”
They reiterated that no sensitive details like bank account information was exposed in the breach, apologising for the incident.
“We take the protection of data and security incidents very seriously. The safety and security of our customers’ information is of paramount importance to us, which is why we have immediately suspended using LandMark White while we investigate how this occurred.”
LandMark White’s stock-price dipped 10% when news of the data breach was disclosed.