US real estate giant ‘Long & Foster’ is distributing notices of a data breach incident to its clients, informing them of a very serious exposure. According to the details given in the letter, ransomware actors hit the company’s network on August 22, 2020, taking down the targeted systems, encrypting files, and locking access. The firm immediately contacted cybersecurity experts to help them remedy the situation and informed the FBI of the incident.
As the company can confirm now, the following information has been stolen by the actors before it was encrypted locally:
The above information is extremely sensitive data that can be used for extortion, identity theft, scamming, phishing, etc. For this reason, ‘Long & Foster’ will support the exposed individuals with a 24-month long identity protection service by “LifeLock Defender Choice.”
This includes credit monitoring and identity restoration. Also, state regulators and consumer reporting agencies have been informed about the incident, so the entire legal and protection system is prepared to tackle the risks that arose from the event.
The recipients of the notices are urged to take up the identity protection service and to generally stay vigilant. It is very likely that quite a few malicious actors will target them in the upcoming period. There are no phone numbers of email addresses in the exposed data, but hackers could find contact details from public data or other data breaches since names and addresses are known.
If you need any clarifications about the incident or you require further assistance, you are advised to call the firm’s dedicated line, which is (866) 885-9271, available 24/7.
‘Long & Foster’ is the largest private real estate company in the United States, employing over 11,000 agents in 220 sales offices. Their clients include people looking to buy or sell residential and commercial properties or land, insurances, home warranties, and manage vacation rentals, relocation, and business development. Thus, this incident has potentially exposed some high-profile individuals that would be amazing targets for hackers.
The fact that this report comes four months after the security incident isn't very encouraging for the victims, as they may have already received scamming messages. We understand that investigation takes time, but four months is far longer than what constitutes a reasonable amount.