IT contractor charged over cyber attack on property valuation firm

Australia’s New South Wales Police have charged a 49-year-old IT contractor with 15 offences related to a high-profile cyber attack on property valuation firm Landmark White that led to the theft of customer records and valuation data.

The incident came to light in January 2019 when Landmark White discovered that its customer records had been posted on the dark web. It subsequently alerted the authorities and customers, and suspended trading of its shares on the Australian Securities Exchange.

When trading was reinstated, the company’s shares, which had traded for 42.5 cents in February 2019, were being sold for 28 cents in May. Landmark White estimated that it had lost as much as A$7m of revenue as customers mothballed their accounts and it incurred significant costs to upgrade its security measures.

In June 2019, detectives from New South Wales Police’s cyber crime squad launched an investigation, which revealed that more than 170,000 data records, including personal information and valuation documents, had been uploaded to the dark web and the internet. The unauthorised access to the information allegedly occurred between September 2017 and May 2019.

“Cyber crime presents a unique challenge for law enforcement, and the only way we will be able to tackle the issues is collaboration with our industry partners and government,” said cyber crime squad commander Gordon Arbinja. “This investigation is an excellent example of the company working closely with police on a matter, which may otherwise have gone unreported or unsolved.”

Landmark White said in a statement that it was relieved the suspected culprit was not an employee of the firm, adding that it had since made considerable investments to beef up its security and fully complied with security benchmarks such as the ISO 27001 information security standard.

“We are pleased that a number of financial institutions have reinstated Landmark White to their panels of valuation providers, and we continue to work with all our partners to provide them with the information they need to be satisfied that our operations are secure,” it added.

Separately, the Australian National University (ANU) has released details of an investigation into a cyber attack that led to the theft of nearly two decades’ worth of data from its IT systems.

ANU vice-chancellor Brian Schmidt said: “To my knowledge, this is the first publicly available report of its kind in Australia and it contains valuable lessons, not just for ANU, but for all Australian organisations that are increasingly likely to be the target of cyber attacks.

“Our forensic investigation found the data breach was the work of a highly sophisticated actor using a targeted spear-phishing email that did not require the affected staff member to download an attachment or click on the link. It is shocking in its sophistication.”

Schmidt said ANU still cannot confirm exactly what data was taken, but has found no evidence that personal data was misused.

Although ANU has outlined lessons to be learned from the data breach and what it is doing to further protect its systems, Schmidt said the report cannot be an instruction manual for would-be hackers to launch another attack.

“I have asked for this report to be as transparent as is allowable to ensure our community is well-informed, but not so that criminals are armed with information that compromises our systems or that of another organisation,” he said.