Cyberattack on NorCal MLS provider drags on for 14th day

Site producer Rapattoni says “certain essential components” missing to restore service

Cyberattack on NorCal MLS System Drags on for 19th Day
Rapattoni Corp. CEO Niki Rapattoni (Rapattoni, Getty)

A cyberattack on MLS listing sites in Northern California and elsewhere drags on for two weeks with no date to restore access from Rapattoni, according to emails from the Westlake Village software firm reviewed by The Real Deal.

A message from Rapattoni to its customers said that it had hoped to restore service on Aug. 20. “Rapattoni had hoped to bring all MLS systems back online today,” the email states, “but certain essential components are requiring more time to complete the restoration process,” said a message signed by Kimberly Proudfoot, Rapattoni’s director of support.

In an Aug. 18 email, the software company told customers they were “days, not weeks, away from being able to bring up your ‘core’ MLS system.”

Once the core service is restored, MLS users would be able to add and edit listings, search and map listings, and syndicate data to consumer sites, the email said.

An email and a phone call requesting comment from Rapattoni was not returned. 

The company serves 27,000 subscribers, according to media reports. The company has encouraged agents to post information about listings on alternative sites such as the platform  Realtors Property Resource. 

The freeze of Rapattoni’s MLS site started the night of Aug. 8, with reports suggesting the company fell victim to a ransomware scheme. It is the longest-running cyberattack  on an MLS known by Justin Fichelson, a co-founder of San Francisco headquartered brokerage Avenue 8. 

Sign Up for the undefined Newsletter

“So many agents rely on it for daily information, “Fichelson said. “It was a shock that Rapattoni would not have stronger security. It’s taken so much time to resolve.”

Fichelson said so far there has been no talk among Bay Area agents to seek alternatives. 

“It has been a hassle, but it’s not the end of the world,” he said. In the past couple of weeks, agents have been forced to do more legwork to confirm information on listings and sales, Fichelson said.

Most MLS listings in the Los Angeles market are produced by a separate company called The MLS. Los Angeles agents said that there has not been much talk about the cyberattack, but it’s on agents’  radars. 

“It matters,” said Lu Gomez of the Gomez Morgner Group at Douglas Elliman. “It is where we get our information — without it we’d be screwed. We have no other source to place listings or get information for our buyers.”

Cyberattacks on MLS sites are on the rise, said Emily Phelps of New Jersey-headquartered cybersecurity company Cyware. There have been a couple of notable cyberattacks in the past few years, she said. In 2020, the Georgia MLS was hit with a ransomware attack. In 2019, MetroList, based in Northern California, was shut down for two days. “Neither of these caused the nationwide shutdowns we’ve seen with the Rapattoni attack.” Phelps said. 

A survey of ransomware attacks in the past three years, found it took around 20 days to resolve such an attack.

Read more

SF Home Tours Hindered by MLS Cyberattack
San Francisco
Open houses hindered as cyberattack shuts down Bay Area MLS
Second week of MLS ransomware attack continues to stymie Bay Area brokers
San Francisco
MLS meltdown: ‘The ripple effects are going to be insane’
MLS System in LA Hardened for Cyberattacks
Los Angeles
MLS system in LA hardened for cyberattacks