Agency denies any responsibility for cyber security breach

Estate agents concerned over security breaches will be closely analysing what happens with a case concerning a London firm’s compromised email account.

The issue concerns a couple who were renting through Alwyne Estates in Islington, but the implications stretch across the wider agency industry.

According to a report in a London newspaper, tenants Jessica Redman and her partner found a home to rent in the Canonbury area, through Alwyne Estates.

Redman contends that an email account of a property manager at the agency was compromised by hackers who duped her into sending £1,385 into a fraudster’s bank account.

She is quoted as saying: "We are in a limbo where no one wants to take responsibility. I work in marketing and consider myself to be quite savvy with these schemes. It makes you feel stupid. It's scary because you take measures to try and protect yourself but it gets to a point where, who's emails can you trust? It's actually putting a strain on my relationship.”

The agency takes a different view, saying that the couple were conned by an external email account, not one triggered by their own emails - and as a result, the agency is not granting the couple’s request to reimburse the lost funds.

A statement given to Estate Agent Today last evening by Alwyne’s director, Kevin O’Grady, says: “We are one of the largest independent estate agents in the Highbury and Islington area for the past 20 years. This is the first time we have experienced a cyber compromise. We would like to make clear that the compromise happened over the Christmas/New year period when the office was closed, it was sent via a fake account using a completely different email address to ours.

“When we became aware of the situation we contacted the police and received a crime reference number, we also contacted the ICO who investigated and concluded that we were clear of any negligence.  Our insurers were contacted and made aware of the situation and our solicitors informed us that we were not financially responsible.

“As an independent company we care about our customers and were genuinely mortified that this had happened to one of our potential tenants, we invited Jessica into our offices to discuss the matter and help in any way we could. We suggested that we could find them another property and negotiate the best possible deal for them. They also had the option to continue with the property they had placed their deposit on.

“Unfortunately Jessica wanted a financial settlement even though we believe their bank may have covered their loss. No formal request was ever received asking for any reimbursement of money; should we have received this it would have been passed to our insurers, however, evidence that their bank had not covered the loss would be required.  

“We showed them the ICO's report which clearly exonerates us from any negligence, we explained that we have an IT consultancy company that has our systems running with the best cyber security measures implemented, this fraud was not because of any breach of a duty to care from our company.   

“It is also important to mention that the language and terminology used by these 'cyber crooks' insisting that money be paid over immediately and the timing, being over the holiday period when most offices were closed is something we would never do.”

O’Grady goes on to explain that discussions with Redman unfortunately deteriorated, leading to the report appearing in the local press.