Customer Data Breach: Foxtons at centre of newspaper allegations

A newspaper claims that thousands of customers’ financial details held by Foxtons Group are being freely accessed on the so-called dark web.

In an exclusive, the i newspaper alleges that the agency did not take action when it was informed last month that financial and personal information was accessible on the dark web following an attack on its data some months earlier.

However the company has insisted that only Alexander Hall, its mortgage broking business, was affected and that no “sensitive data” had been stolen. 

It has reported itself to the Information Commissioner’s Office, the regulator.

The i says: “An investigation found that more than 16,000 card details, addresses and private correspondence, including details of fees paid, are freely accessible by potential fraudsters. The files have been viewed 15,073 times since being published online three months ago.”

The data appears to have been taken in a hacker’s attack on Foxtons back in October.

The i claims: “Foxtons Group was informed by the concerned client that its customers’ card details had been leaked online more than three weeks ago, but failed to inform either potential victims or authorities.”

In a statement to the paper, Foxtons Group responds: “Alexander Hall, Foxtons’ mortgage broking business, was subject to a malware attack in October 2020 that affected a number of other organisations. 

“Some IT systems were affected for several days but were restored without significant disruption to customers. All necessary disclosures have been made and full details of the attack were provided to the FCA and ICO at the time. 

“We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response."

In addition, Foxtons told Estate Agent Today this morning: “We have forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers.”

Back in October the i alleged that Foxtons suffered a malware attack and data breach which closed its MyFoxtons client website.

The i also claimed that in 2013 Foxtons was forced to investigate whether hackers had stolen details of almost 10,000 sellers, buyers, landlords and renters following an anonymous leak on a hacking website.

Here is today's i story.