LMW Data Breach - is your business next?
In a serious data breach incident, personal information for more than 130,000 Landmark White clients was stolen and made available on the dark web for a period of 10 days. An exposed API (system interface) was cited as the cause of the breach.
On February 5, Landmark White (LMW) released a statement announcing that a "dataset containing property valuation and some personal contact information has been disclosed".
The disclosed data contained basic personal information for each borrower including names, residential and/or business addresses, phone numbers and email addresses.
In the most recent update from LMW on February 15, the company maintains there has yet to be any evidence of misuse of the leaked personal information. Those affected were still advised to remain vigilant to potential threats such as phishing scams and to consider discussing additional security options with their banks.
Despite being labelled as a "benign" breach with no "sensitive" data being leaked, the incident had an immediate and severe impact on the company itself. Many major clients including CBA and ANZ temporarily suspended the firm from their valuation panels and shares fell 10.6 per cent to a four-year-low.
While Landmark Whites' proactive and transparent response has undoubtedly put them in a good position to recover commercially, there is a long road ahead to resolve issues.
Could your business be next?
Cyber Crime is now the leading cause of data breaches for Australian businesses. According to the latest statistics from the Office of the Australian Information Commissioner (OAIC), 64% of all notifiable data breaches occuring in October to December 2018 were the result of a malicious or criminal attack, 33% due to human error and 3% system faults.
If your business holds client data, it is important to be aware of your obligations to protect the privacy of that data at all times. This includes ensuring adequate Cyber Security measures are in place.
The reputational damage caused by a data breach can have severe financial impacts for a business and may even lead to collapse. However, losing clients and partners is not the only risk to consider. Under the Privacy Act 1988 (Cth) - the Commissioner has the power to fine companies for breaches and to take personal culpability actions against company directors for the breach.
Boards and Directors must ensure they have proper Cyber Security processes, reporting, protection and insurances in place to protect both their companies and themselves.
Information and Resources
There is a wealth of information available to assist your business to understand your privacy obligations, to help prevent data breaches and to respond effectively following a breach.
A great place to start for reliable guides and information is https://www.oaic.gov.au. While on the OAIC site, be sure to download the Data Breach Preparation and Response Guide. The guide contains comprehensive and practical information to assist businesses in developing and implementing an effective data breach response.
How Coverforce can help
The right insurance cover can help minimise your loss in the event of a Privacy Breach. A Cyber Liability and Privacy Protection Insurance policy might be suitable for your business. Contact an experienced Coverforce Insurance Broker for expert advice today.
The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact Coverforce directly.
Find this article helpful? Click on one of the links below to share the content.