
Foxtons Data Breach

THIS ACTION IS NOW CLOSED

At least 16,000 customers were affected after data stolen from Foxtons was found on the dark web. Foxtons decided not to warn its customers. This page explains how the Foxtons data breach happened.

What happened in the Foxtons data breach?

In January 2021, London-based estate agent Foxtons discovered that it had experienced a huge data breach. But, despite an investigation finding 16,000 card details, addresses and correspondence related to this breach on the dark web, Foxtons did not tell its customers that criminals had accessed and exposed their data.

The attackers claimed they had released only 1% of the stolen data publicly. So, the 16,000 customer records found on the dark web could have been the tip of the iceberg. There were also concerns that the criminals could be selling records in secret.

A violation of trust?

While Foxtons knew about the data violation in January 2021, it decided not to inform the potential victims. During this time, hackers had free rein to sell and share this data, and victims of the breach were not given the opportunity to adopt extra security measures to protect themselves from further theft and fraud.

Foxtons data breach timeline

  • October 2020
    Foxtons Group suffered a severe data breach. The breach forced the estate agency to shut down its customer portal (MyFoxtons) temporarily. The business was also unable to access customer and landlord contact details on its systems. Foxtons claimed that only Alexander Hall, its mortgage broking business, was affected by the data breach and that no 'sensitive data' was stolen.
  • January 2021
    Foxtons was informed that an investigation into the breach had found 16,000 card details, addresses and correspondence related to this breach on the dark web. Foxtons did not tell its customers that criminals had accessed and exposed their data.
  • February 2021
    The media alerted Foxtons customers to the data breach and warned that around 20 per cent of the cards found online were still active.

Your questions answered

See our answers to the FAQs we get asked about the Foxtons Data Breach.

How did the security incident happen?

In October 2020, Foxtons Group suffered a severe data breach. The violation forced the estate agency to shut down its customer portal (MyFoxtons) temporarily. The business was also unable to access customer and landlord contact details on its systems.

What did Foxtons say about the breach?

Foxtons claimed that only Alexander Hall, its mortgage broking business, was affected by the data breach and that no ‘sensitive data’ was stolen. A spokesperson for the business said: “We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the FCA and ICO are satisfied with our response”.

They added: “We have forensically been through all the stolen data and confirm it is both old and incomplete therefore not useable by a third party and not possible for it to cause financial loss or harm to those affected customers.”

However, according to media reports, the hackers stole vast amounts of personal and financial information from Foxtons, and they uploaded this data to the dark web.

Was the stolen Foxtons data out of date?

Unfortunately not. An investigation by iNews found that a database of more than 16,000 card details, addresses, and private messages, stolen from Foxtons’ systems, was uploaded on the dark web. This data had since been viewed more than 15,000 times.

Analysis of the available data showed that 20% of the debit cards found on the dark web were still active and included full card numbers and personal information.

How many people were involved in the data breach?

The attackers claimed they had released only 1% of the stolen data publicly. So the 16,000 customer records found on the dark web could have been the tip of the iceberg.