Real Estate

Recent Cyber Attacks

  • Data breach at RE/MAX. In December 2022, the real estate franchise RE/MAX was hit by a data breach that exposed the personal information of over 400,000 agents and employees. The breach was caused by a security vulnerability in the company’s cloud-based platform.
  • Phishing attack on Zillow. In November 2022, the real estate website Zillow was targeted in a phishing attack that allowed the attackers to gain access to employee email accounts. The attackers then used the compromised accounts to send phishing emails to other employees, which led to further data breaches.
  • Data breach at Trulia. In October 2022, the real estate website Trulia was hit by a data breach that exposed the personal information of over 300,000 users. The breach was caused by a security vulnerability in the company’s website.
  • Cyberattack on Compass. In March 2023, the real estate brokerage Compass was hit by a cyberattack that exposed the personal information of over 600,000 customers. The breach was caused by a security vulnerability in the company’s website.
  • Data breach at Keller Williams. In February 2023, the real estate franchise Keller Williams was hit by a data breach that exposed the personal information of over 500,000 agents and employees. The breach was caused by a security vulnerability in the company’s cloud-based platform.
  • Ransomware attack on Coldwell Banker. In January 2023, the real estate brokerage Coldwell Banker was hit by a ransomware attack that encrypted its data. The attack forced Coldwell Banker to temporarily shut down its operations.
  • Data breaches: The real estate industry handles a lot of sensitive data, including customerPII, financial information, and property listings. This data is a valuable target for cybercriminals, who can sell it on the dark web or use it to commit identity theft or fraud.
  • Ransomware attacks: Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in order to decrypt them. Real estate businesses are a prime target for ransomware attacks because they often have sensitive data that they cannot afford to lose.
  • Phishing attacks: Phishing is a type of social engineering attack that involves sending emails or text messages that appear to be from a legitimate source. The emails or text messages often contain a link that, when clicked, installs malware on the victim’s computer. Real estate businesses are a prime target for phishing attacks because they often have employees who are not familiar with cybersecurity best practices.
  • Vendor vulnerabilities: Real estate businesses often rely on third-party vendors, such as property management software providers and web hosting companies. These vendors can introduce security vulnerabilities into the real estate business’s systems.
  • Cyberattacks on mobile devices: Real estate businesses are increasingly using mobile devices to access and share sensitive data. This can make it more difficult to protect that data from cyberattacks.
  • The use of cloud computing: Many real estate businesses are now using cloud computing services. This can introduce new security risks, such as data breaches and account takeovers.
The specific cybersecurity regulatory requirements that real estate companies need to follow will vary depending on the state they operate in. However, there are some general cybersecurity best practices that all real estate companies should follow, such as:
  • Implementing strong access controls. This includes using strong passwords and multi-factor authentication to protect access to systems and data.
  • Encrypting sensitive data. This includes data such as financial information, Social Security numbers, and medical records.
  • Monitoring for security threats. This includes using firewalls and intrusion detection systems to identify and respond to potential attacks.
  • Keeping software up to date. This includes installing security patches and updates as soon as they are available.
  • Educating employees on cybersecurity. This includes training employees on how to identify and avoid phishing attacks and other scams.

In addition to these general best practices, real estate companies that collect or store certain types of data may also be subject to specific regulatory requirements. For example, real estate companies that collect or store personal data of California residents must comply with the California Consumer Privacy Act (CCPA). Real estate companies that process payment card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). And real estate companies that operate in certain critical infrastructure sectors may be subject to additional cybersecurity requirements imposed by federal or state laws.

Cybersecurity is the cornerstone of modern business. Take the case of our collaboration with the property management company seeking to bolster its cybersecurity practices while embracing digital transformation.

The Challenge:

As the property Management company expanded its digital footprint, the need to ensure the security of its code and AWS infrastructure became paramount. The company was seeking a comprehensive cybersecurity strategy that could detect vulnerabilities, secure configurations, and monitor security incidents across its digital assets.

The Transformation:

Careful Security stepped in with an all-encompassing approach. We began with penetration testing, an aggressive yet essential strategy that involves testing vulnerabilities in the company’s code as if from the perspective of a malicious actor. This proactive testing allowed us to identify potential security weaknesses before they could be exploited.

Next, we turned our attention to their AWS infrastructure. By conducting a meticulous security configuration review, we were able to spot and address potential risks, safeguarding the company’s digital assets against possible threats.

But the transformation didn’t stop there. Recognizing the importance of continuous monitoring, we implemented a robust Security Incident and Event Monitoring (SIEM) solution, centralizing the logging and monitoring of their AWS infrastructure. This not only allowed for real-time detection and response to security incidents but also offered insights into their security posture, facilitating proactive measures to enhance resilience.

The Result:

The outcome was a more secure, resilient digital framework that could confidently support the clients growth. Our penetration tests enhanced the security of their code, while our secure AWS configuration and SIEM solution provided a continuous surveillance system for their digital environment.

Our client is now equipped with a cybersecurity strategy that’s as robust and reliable as the properties they manage, providing peace of mind to both the company and its customers.