At least 16,000 customers were affected after data stolen from Foxtons was found on the dark web. Foxtons decided not to warm its customers. This page explains how the Foxtons data breach happened.
In January 2021, London-based estate agent Foxtons discovered that it had experienced a huge data breach. But, despite an investigation finding 16,000 card details, addresses and correspondence related to this breach on the dark web, Foxtons did not tell its customers that criminals had accessed and exposed their data.
The attackers claimed they had released only 1% of the stolen data publicly. So, the 16,000 customer records found on the dark web could have been the tip of the iceberg. There were also concerns that the criminals could be selling records in secret.
While Foxtons knew about the data violation in January 2021, it decided not to inform the potential victims. During this time, hackers had free reign to sell and share this data and victims of the breach were not given the opportunity to adopt extra security measures to protect themselves from further theft and fraud.
See our answers to the FAQs we get asked about the Foxtons Data Breach.
In October 2020, Foxtons Group suffered a severe data breach. The violation forced the estate agency to shut down its customer portal (MyFoxtons) temporarily. The business was also unable to access customer and landlord contact details on its systems.
Foxtons claimed that only Alexander Hall, its mortgage broking business, was affected by the data breach and that no ‘sensitive data’ was stolen. A spokesperson for the business said: “We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response”.
They added: “We have forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers.”
However, according to media reports, the hackers stole vast amounts of personal and financial information from Foxtons, and they uploaded this data to the dark web.
Unfortunately not. An investigation by iNews found that a database of more than 16,000 card details, addresses, and private messages, stolen from Foxtons’ systems, was uploaded on the dark web. This data had since been viewed more than 15,000 times.
Analysis of the available data showed that 20% of the debit cards found on the dark web were still active and included full card numbers and personal information.
The attackers claimed they have released only 1% of the stolen data publicly. So the 16,000 customer records found on the dark web could have been the tip of the iceberg.