Police have arrested and charged a software contractor over an alleged data hack against property valuation and consulting firm Landmark White, which described the arrest as “a great relief for the business and our staff”.
Landmark White (LMW) was the victim of a data breach that ran for more than 18 months, which CEO Timothy Rabbitt said had caused “significant disruption” to the business and stress for its staff and management.
The impacts have also had financial and reputational costs for LMW, which has been forced to make “a significant investment” in upgrading its IT security.
Charges laid for 15 offences
NSW Police announced on Wednesday that detectives from its State Crime Command’s Cybercrime Squad began investigating allegations of a data breach at an Australian-based company, without naming Landmark White, in June this year.
According to police, an investigation revealed that the breach had extended from September 2017 to May 2019, with unauthorised access gained to the company’s database and over 170,000 data records — including valuations and personal information.
Detectives arrested an unnamed 49-year-old man in Sydney’s CBD on Wednesday morning, and subsequently executed a search warrant on a home in the inner western suburb of Rozelle as well as a crime scene warrant on a business data centre in the inner suburb of Ultimo.
Computers, laptops, servers and electronic storage devices were seized as part of the searches.
Following the raids, police formally charged the man with seven counts of dealing with identity information to commit an indictable offence, five counts of unauthorised modification of data with intent to cause impairment and two counts of impairing electronic communications to or from a computer.
A separate charge was also laid for possession of a prohibited drug.
“Cybercrime presents a unique challenge for law enforcement, and the only way we will be able to tackle the issues is collaboration with our industry partners and government,” Detective A/Supt Arbinja said.
“This investigation is an excellent example of the company working closely with police on a matter, which may have otherwise gone unreported or unsolved.”
NSW Police said investigations of the matter are ongoing.
According to the company, the individual at the centre of the breach posted the dataset on a dark web forum late on the evening of 31 January this year. The information was subsequently taken down on 10 February.
LMW confirmed that the data taken pertained to 274,870 individuals, all of whom the company said have been notified directly or by its clients.
“The NSW Police statement today mentioned that 170,000 data records were accessed by unauthorised means. Just to clarify, according to a report undertaken by IDCARE at the time of the investigation, there were only 25 individuals who were classified as being at the ‘material risk of serious harm’,” said Mr Rabbitt.
“Those individuals were proactively contacted several months ago by LMW and our clients, to provide them with any support they required. However, let me reiterate that there was no evidence of misuse of any personal information – but we will continue to closely monitor this with our industry partners.”
‘Events made the firm stronger’, LMW boss says
Revealing that it was the business at the centre of the investigation, LMW issued a statement welcoming the arrest.
“The arrest was a great relief for the business and our staff, and would help ease the stress many of our staff have felt over the last six months,” said Mr Rabbitt, adding that it “was also a vindication of LMW’s stance that this was a serious crime committed against the company”.
Mr Rabbitt also expressed gratitude that the arrest was not of an employee of the business.
“We hope [the] arrest will bring closure to these data incidents and will give confidence to LMW’s clients, partners and staff, that we can continue to provide a secure, long-term work environment for our staff and a quality service to our clients,” he said.
According to Mr Rabbitt, LMW has beefed up security and made enhancements to its systems following the breach by someone who had worked externally but been given “trusted inside access” to the business, noting that the firm is now stronger as a result of the experience.
“The enhancements to our network security allow us to demonstrate via third-party audit that our IT systems represent a best-practice, secure platform. In driving these ongoing enhancements, our goal is always to provide services to our clients in an efficient, cost-effective and secure manner,” he said.
“A number of financial institutions with whom we’ve had long-term relationships have reinstated LMW to the panels of valuation providers, which is fantastic. We are also extremely grateful to our 300 loyal staff, who have continued to work with us to put our clients first.”
Mr Rabbitt added: “We have been a trusted member of the industry for over 40 years, and we look forward to putting this incident behind us and getting back to work with all of our clients and partners across Australia.”
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.
Ask the Experts: Business assets and liability after separation
By Anneka Frayne
Anxiety in the workplace
By Staff Reporter
Managing ‘sleeper issue’ of directors’ GST risks
By Jim Koutsokostas