Last week’s stunning data breach at the Corcoran Group has residential brokerage leaders on alert amid rising cyberattacks.
Brown Harris Stevens shut down all its internal accounting system in the hours after the attack. In the following days, one brokerage circulated a memo outlining best practices for emailing sensitive information, while other firms prompted their teams to change passwords. Other companies say they’ve taken all possible precautions to protect their data by performing daily scans of devices and software systems, and limiting access to sensitive files — even for their top executives.
“Try to hack us. You’re only going to get 3 percent of the information,” joked Eddie Shapiro, Nest Seekers International’s CEO and president. He said his company’s data is stored in digital and hard copies in decentralized locations to make a wholesale breach improbable. “When it comes to the most sensitive information, I keep it locked in a safe.”
He’s not alone. At Douglas Elliman, shredders sit at the ready in some rooms to destroy the evidence of sensitive documents, an insider said.
But, despite the industry’s best efforts, it’s undeniable to industry sources and cybersecurity experts that real estate firms are under attack.
The Federal Bureau of Investigation has tracked a rise in cyber attacks in connection to property deals. Last year, more than 11,000 people lost $150 million in hacks targeting real estate transactions.
David Navetta, an attorney who specializes in data security and privacy, said the onslaught of cyber attacks targeting the real estate industry seemed to reach heightened levels about 18 months ago.
“[Hackers] essentially figured out the ecosystem,” he said, adding that his firm staffs a 24-hour hotline with 12 lawyers to field calls after companies experience cyberattacks.
Brokerages in New York are feeling the heat. Earlier this year, Compass had an FBI agent run a seminar for agents focused on various schemes they may encounter, according to Jason Post, the brokerage’s head of communications. He said the event was scheduled after the VC-backed brokerage saw an “uptick in attempts” to breach email accounts and other attacks.
“We get attacked on a weekly, sometimes daily basis, with every possible phishing attempts and viruses and you name it,” said Shapiro. “Security is a critical part of our business.”
Mark Chin, CEO of Keller Williams Tribeca, agreed. He said his first hire three years ago when he opened the office was a systems architect specialized in data security.
Navetta’s firm, Cooley LLP, has dealt with several cases in which real estate brokerages were hacked and personally identifiable information about agents and clients were leaked. From there, companies will contract a third-party forensic investigator to find out what happened, what data was compromised and who is behind the attack. Notifications to relevant regulators, vendors, employees and clients also follow in short order once a breach has been confirmed.
Corcoran followed that playbook. After the brokerage confirmed the leak last Friday, it launched an investigation and notified both agents and other brokerages to confirm no client data was compromised. Corcoran also said it was involving law enforcement, a third-party forensic investigator and treating the incident as criminal. The brokerage declined to comment for this story.
Greg Kelley, who leads forensic investigation company Vestige and is not involved in Corcoran’s case, said costs for auditing hardware alone — which is typically done during an investigation — can run up a bill of up to $10,000 per device. He added that it’s unusual for law enforcement to get involved unless someone is physical danger or a large sum of money is involved.
Navetta, the attorney, also said Corcoran’s breach was unusual.
“Most of the time in the real estate industry when I’ve seen breaches, they’re going for the money,” he explained. “I don’t see why someone would do this, a normal hacker, without something else behind it.”
To many industry leaders, however, the sharing of this information represents an unprecedented attack. The Corcoran data exposed included agents’ earnings, splits and details of their employment agreements such as marketing budgets.
“We’ve never seen anything like that,” said Shapiro. “This is 100 percent either an inside job or some corporate espionage. 100 percent. This is not some random hacker.”
Lawrence Pearson, an employment lawyer at Wigdor LLP, noted that if a competitor was behind the breach, or used data from the breach in hiring, they could be exposed to lawsuits from both Corcoran and agents, whose compensation history was exposed.
For several insiders, Corcoran’s biggest issue is likely agents who saw the documents and may feel mistreated or undervalued by comparison.
“Agents just see that and it creates havoc,” said BHS CEO Bess Freedman, though she underscored that the leaked documents are only a small piece of a brokerage’s overall business. “It’s not conclusive, or it’s not total,” she said.
But sources told The Real Deal earlier this week that some agents are upset about what they saw or heard.
“It’s like turning a family against each other,” one industry source said. “The best thing to do is never to make that list.” That’s actually protocol at other firms, according to some executives.
“It’s insane to me that would even be available to be hacked,” said Shapiro.
“I don’t have an equivalent document sitting anywhere,” said Richard Grossman, Halstead’s president, noting that he has to request limited access to see comparable information for his company. Similarly, Chin said his agents’ splits are held by his franchise’s parent company.
That aside, Grossman said news of Corcoran’s breach both shocks and saddens him.
“If it was done by somebody, you know, shame on them,” he said. “I think that’s bad for all of us.”
Frederick Peters of Warburg Realty wrote on his Forbes blog earlier this week that “the attack on Corcoran was perhaps a sad inevitability” in a business landscape now characterized by “hyper aggressive recruiting” and a “cut-throat war for talent.”
Scott Durkin, Elliman president and COO, who previously worked at Corcoran, said the breach was terrible and “not right.”
“Generally, we all have similar business practices,” he said. “I don’t wish this upon any competitor.”