[BreachExchange] “Perhaps a sad inevitability:” Corcoran isn’t the only firm under attack

Destry Winant destry at riskbasedsecurity.com
Mon Sep 23 10:17:05 EDT 2019

“I don’t have an equivalent document sitting anywhere,” said Richard
Grossman, Halstead’s president, noting that he has to request limited
access to see comparable information for his company. Similarly, Chin
said his agents’ splits are held by his franchise’s parent company.

That aside, Grossman said news of Corcoran’s breach both shocks and saddens him.

“If it was done by somebody, you know, shame on them,” he said. “I
think that’s bad for all of us.”

Frederick Peters of Warburg Realty wrote on his Forbes blog earlier
this week that “the attack on Corcoran was perhaps a sad
inevitability” in a business landscape now characterized by “hyper
aggressive recruiting” and a “cut-throat war for talent.”

Scott Durkin, Elliman president and COO, who previously worked at
Corcoran, said the breach was terrible and “not right.”

“Generally, we all have similar business practices,” he said. “I don’t
wish this upon any competitor.”

Leave a Comment

Last week’s stunning data breach at the Corcoran Group has residential
brokerage leaders on alert amid rising cyberattacks.

Brown Harris Stevens shut down all its internal accounting system in
the hours after the attack. In the following days, one brokerage
circulated a memo outlining best practices for emailing sensitive
information, while other firms prompted their teams to change
passwords. Other companies say they’ve taken all possible precautions
to protect their data by performing daily scans of devices and
software systems, and limiting access to sensitive files — even for
their top executives.

“Try to hack us. You’re only going to get 3 percent of the
information,” joked Eddie Shapiro, Nest Seekers International’s CEO
and president. He said his company’s data is stored in digital and
hard copies in decentralized locations to make a wholesale breach
improbable. “When it comes to the most sensitive information, I keep
it locked in a safe.”

He’s not alone. At Douglas Elliman, shredders sit at the ready in some
rooms to destroy the evidence of sensitive documents, an insider said.

But, despite the industry’s best efforts, it’s undeniable to industry
sources and cybersecurity experts that real estate firms are under

The Federal Bureau of Investigation has tracked a rise in cyber
attacks in connection to property deals. Last year, more than 11,000
people lost $150 million in hacks targeting real estate transactions.

David Navetta, an attorney who specializes in data security and
privacy, said the onslaught of cyber attacks targeting the real estate
industry seemed to reach heightened levels about 18 months ago.

“[Hackers] essentially figured out the ecosystem,” he said, adding
that his firm staffs a 24-hour hotline with 12 lawyers to field calls
after companies experience cyberattacks.

Brokerages in New York are feeling the heat. Earlier this year,
Compass had an FBI agent run a seminar for agents focused on various
schemes they may encounter, according to Jason Post, the brokerage’s
head of communications. He said the event was scheduled after the
VC-backed brokerage saw an “uptick in attempts” to breach email
accounts and other attacks.

“We get attacked on a weekly, sometimes daily basis, with every
possible phishing attempts and viruses and you name it,” said Shapiro.
“Security is a critical part of our business.”

Mark Chin, CEO of Keller Williams Tribeca, agreed. He said his first
hire three years ago when he opened the office was a systems architect
specialized in data security.

Navetta’s firm, Cooley LLP, has dealt with several cases in which real
estate brokerages were hacked and personally identifiable information
about agents and clients were leaked. From there, companies will
contract a third-party forensic investigator to find out what
happened, what data was compromised and who is behind the attack.
Notifications to relevant regulators, vendors, employees and clients
also follow in short order once a breach has been confirmed.

Corcoran followed that playbook. After the brokerage confirmed the
leak last Friday, it launched an investigation and notified both
agents and other brokerages to confirm no client data was compromised.
Corcoran also said it was involving law enforcement, a third-party
forensic investigator and treating the incident as criminal. The
brokerage declined to comment for this story.

Greg Kelley, who leads forensic investigation company Vestige and is
not involved in Corcoran’s case, said costs for auditing hardware
alone — which is typically done during an investigation — can run up a
bill of up to $10,000 per device. He also said it’s unusual for law
enforcement to get involved unless someone is physical danger or a
large sum of money is involved.

Navetta, the attorney, also said Corcoran’s breach was unusual.

“Most of the time in the real estate industry when I’ve seen breaches,
they’re going for the money,” he explained. “I don’t see why someone
would do this, a normal hacker, without something else behind it.”

To many industry leaders, however, the sharing of this information
represents an unprecedented attack. The Corcoran data exposed included
agents’ earnings, splits and details of their employment agreements
such as marketing budgets.

“We’ve never seen anything like that,” said Shapiro. “This is 100
percent either an inside job or some corporate espionage. 100 percent.
This is not some random hacker.”

Lawrence Pearson, an employment lawyer at Wigdor LLP, noted that if a
competitor was behind the breach, or used data from the breach in
hiring, they could be exposed to lawsuits from both Corcoran and
agents, whose compensation history was exposed.

For several insiders, Corcoran’s biggest issue is likely agents who
saw the documents and may feel mistreated or undervalued by

“Agents just see that and it creates havoc,” said BHS’ CEO Bess
Freedman. But underscored that the leaked documents are only a small
piece of a brokerage’s overall business. “It’s not conclusive, or it’s
not total,” she said.

But sources told The Real Deal earlier this week that some agents are
upset about what they saw, or heard about.

“It’s like turning a family against each other,” one industry source
said. “The best thing to do is never to make that list.” That’s
actually protocol at other firms, according to some executives.

“It’s insane to me that would even be available to be hacked,” said Shapiro.

More information about the BreachExchange mailing list