Security Market Segment LS
Monday, 18 February 2019 09:09

LMW property valuation data was on Web for 10 days

LMW property valuation data was on Web for 10 days Pixabay

Customer data that leaked from property valuation firm LandMark White, which is now known as LMW, was available on the dark web for more than 10 days before the company became aware of it, the company says in an update about the breach on Friday.

LMW said it did not know how many people had accessed the data while it was available to the public gaze. The company said independent security consultants had confirmed that the data was accessed via an exposed programming interface on one of our valuation platforms.

The firm is currently in a market halt and it is not known when it will return to trading on the ASX. "As a result of this [the breach], on 14 February, we felt we needed to move into a market halt so we could get some clarity around what this incident means for our business," it said.

The company said that the leaked dataset contained:

  • Approximately 137,500 unique valuation records, and approximately 1680 supporting documents.
  • Approximately 250,000 individual records in total, but many were duplicates.
  • The date range of the documents was between 4 January 2011 and 20 January 2019.

LMW announced the breach on 5 February, where it announced that it had shut down a security vulnerability on 23 January but was not aware at that point that data had leaked. It said in the latest update that it had become of the breach on 4 February.

ANZ, Commonwealth Bank and NAB have acknowledged that data about their clients were included in the dataset that was leaked on the Web.

In Friday's update, LMW said: "On 10 January 2019, our team received an email from the Australian Cyber Security Centre alerting us to a vulnerability. At that point in time, LMW was in the process of undertaking pre-planned systems upgrade work on the valuation platform the subject of the incident.

"LMW also separately received a post from a user on our Twitter account at that time relating to data that we now know was publicly available on the dark web. Our Twitter account was not actively monitored over the holiday period, and we have only recently become aware of it.

"The full extent of the incident was not apparent to us at the time of any of these communications, and we were not aware that there had been a disclosure of data at this time.

"On 23 January, we closed off Internet access to the valuation platform the subject of the incident. We believe it was the closure of the access to the platform that prompted the disclosure of the dataset by the unknown third party."

LMW was founded in 1982 and listed on the Australian Stock Exchange in 2003. It employs 450 staff across the country and 99.7% of its shareholders are in Australia.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments