A report by the i newspaper suggested that details of more than 16,000 credit and debit cards, as well as address and private correspondence, are now freely accessible to potential scammers, with the files viewed more than 15,000 since they were published three months ago.
Foxtons was hit by a malware attack last October, though the firm maintains that only Alexander Hall, its mortgage broking business, was affected and that no sensitive data had been stolen.
The firm says the stolen data of those affected customers was old and incomplete and therefore could not lead to any financial detriment.
It subsequently reported itself to the Information Commissioner’s Office.
However, now the i has alleged that the firm was informed that its customers’ details were available on the dark web in January, but has failed to take any action.
Some details of customers from before 2010 have been posted on the dark web and are freely available, according to the paper, but the hackers have warned that this represents just one per cent of the details they have in their possession. They have claimed that they are selling on the more recent details to potential fraudsters.
‘Customers are safe’
In a statement, Foxtons emphasised that it did not believe the attack last year had exposed any sensitive data from customers.
The firm said: “Alexander Hall, Foxtons’ mortgage broking business, was subject to a malware attack in October 2020 that affected a number of other organisations. Some IT systems were affected for several days but were restored without significant disruption to customers.
“We have forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers.
“All necessary disclosures have been made and full details of the attack were provided to the Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO) at the time. We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response.”