Cyber Attacks on Corelogic

Peter Christensen

Cyber Threats Are Real Risks to Appraisal Firms. Corelogic's Data HackedRecent Cyber Attacks on CoreLogic and a Large Appraisal Firm Expose a Real Business Risk to Valuation Firms and Companies.

As two recent attacks show, cyber crimes pose a real risk – legally and economically – to appraisal firms, management companies and other businesses involved in property analytics. If an operation like CoreLogic can be victimized by criminal hackers seeking property information, as it was in an attack earlier this month, any valuation firm or property analytics company is at risk. And, more seriously, the losses suffered by an appraisal firm in the separate cyber attack discussed below demonstrate how devastating the financial harm can be from an attack that spills valuation data onto the “dark web.” That appraisal firm, with 350+ commercial and residential appraisers in Australia, has been suspended for new appraisal orders by the four biggest banks in that country and by other clients as well.

CoreLogic’s “Risk Meter” Database Hacked

Last week, property analytics company CoreLogic filed a unique lawsuit in U.S. District Court, disclosing that it had been victimized by a malicious hacking of one of its many databases. Perhaps it was because of the innocuous case title (CoreLogic, Inc. v. John Does 1-10), but I haven’t yet seen any public media reporting about the case, as of today February 28. In the lawsuit, Corelogic sued 10 defendants, named John Does 1 through 10. The reason that all of the defendants are identified as “John Does” is that CoreLogic does not know the actual identity of any of the persons it is suing. All that CoreLogic knows about them is that they hacked into a CoreLogic database used for a property analytics application called “Risk Meter,” copied the contents, and stole the data by moving it to an external server. And, it knows the IP addresses from which the attacks may have been staged.

Here are the specific allegations from CoreLogic’s complaint:

Allegations from CoreLogic's complaint

CoreLogic says that the Risk Meter application provides “natural hazard risk reports and highly granular risk data, including data that could identify information associated with particular real properties.” Within the stolen data are “client user identification and password information, user information, and real property data.” It does not appear to be a critical or material problem for CoreLogic. There is no indication that any data spilled publicly or that it involved consumer records. That’s probably because CoreLogic has a capable tech and legal team – most other valuation firms and companies don’t have the same resources to deal with criminal hackers.

The immediate action that CoreLogic’s capable lawyers (O’Melveny & Myers) are pursuing is for permission from the federal court to serve subpoenas on the two web hosting companies associated with the IP addresses tied to the hackers. CoreLogic hopes that this will enable the hackers to be identified and that CoreLogic can then name them in the lawsuit to seek appropriate injunctions and damages.

Cyber Attack on Appraisal Software Platform Puts Valuation Data on the “Dark Web”

In a separate, more consequential matter, an appraisal firm LandMark White (or LMW), one of the largest in Australia with 350+ appraisers, announced earlier this month that it had been victimized by an extensive cyber theft of data relating to valuation services performed over as much as an eight-year span from 2011 to 2019. In this incident, the company says that cyber thieves accessed the valuation data in one of the company’s software platforms “via an exposed programming interface” and that the data ended up being made “publicly available on the dark web” by the thieves. Coincidentally, in one of its initial descriptions of the situation, LandMark White stated that it was alerted to the data theft by CoreLogic. Unfortunately, LandMark White has had to disclose that it failed to act on some of the other early warnings it received, including posts on Twitter about the hacked data.

LandMark White has indicated that the dataset contains:

  • approximately 137,500 unique valuation records, and approximately 1,680 supporting documents.
  • approximately 250,000 individual records in total but a lot of records are duplicates.
  • the date of the documents range between approximately 4 January 2011 and 20 January 2019.

To say the least, this is a giant problem for the firm. For one thing, the firm has had to publish a notice to potentially affected consumers informing them: “If you are concerned, you should consider requesting that a ‘credit ban’ be put in place while you investigate further…” Australian news reports have indicated that the firm’s banking clients may have to notify over 100,000 borrowers. Another problem is that many of the firm’s largest clients – including Australia’s four biggest banks – have suspended placing any further appraisal orders with the firm. The firm has stated “we are unable to ascertain when these clients will reinstate LMW and hence when LMW will be in a position to assess with any certainty the financial impact of the incident.” And, finally, since the firm is a public company in Australia, after an immediate drop in its stock price as the attack became public, the trading in its stock has been suspended until further notice. If this occurred in the United States, consumer and shareholder class actions would surely follow next.

So, that’s the stark reality. Cyber threats are real risks to appraisal firms and to any businesses involved in valuation or property analytics. The risks concern both liability exposure and business economic losses. Any firm is certainly at risk, given that a powerhouse like CoreLogic itself can fall victim. At this point in time, however, I would estimate that fewer than 1% of appraisal firms in the U.S. carry any meaningful cyber crime coverage and that fewer than 5% of appraisal management companies carry it. This kind of coverage is neither difficult to obtain nor expensive – some experts have said that insurance carriers are not yet pricing the developing risk sufficiently (in other words, the coverage is a good value for the insured).

Image credit flickr - Frank Lindecke
Peter Christensen

Peter Christensen

Peter Christensen is an attorney, licensed in California and Washington. His legal practice primarily serves the real estate valuation community - Valuation Legal. He's the author of Risk Management for Real Estate Appraisers and Appraisal Firms, published by the Appraisal Institute.

You may also like...

16 Responses

  1. Ross Grannan on Facebook Ross Grannan on Facebook says:

    Core Logic is so big now of course they are a target for hackers. So much much for the vault at a la modes web site and the data master, smart exchange, if that gets hacked? Good times.

    6
  2. Baggins Baggins says:

    Hey, Corelogic is the MLS provider in Denver, Colorado! I told them something like this would happen.

    7
  3. Avatar SB says:

    This explains why CLGX stock tanked the other day.

    And of course no explanations or statements from their IDIOT CEO who sold 10,000 shares of stock last week.

    I would bet there have been numerous attacks we know nothing about.

    Core Logic, FNMA, Freddie are all “Pearl Harbors” of data.

    Frank Martell CEO parted with a total of 10 thousand shares of CoreLogic, Inc. (CLGX) at average share price of $40.01. This insider trade in the company took place on 02/21/2019. The total for the sales was set at $400.1 thousand. After this transaction, the President & CEO account balance stood at 262.34 thousand shares.

    The stock lost -7.95 percent since that insider sale.

    6
  4. Ross Grannan on Facebook Ross Grannan on Facebook says:

    They control the MLS in all of Connecticut, they haven’t bought up Berkshire County MLS yet. This is some serious fraud waiting to happen, especially if Banks get their way with remote hybrid appraisals.

    6
  5. ROFLM*O!

    I’m finding it difficult to gin up any sympathy or even empathy for a company that is infamous for its own data thefts from appraisers BEFORE FNMA licensed it to ‘steal’ our data without our permission.

    While Peter points out a very serious and real risk with online and cloud data storage; one that has been known to affect even the Pentagon, if federal regulators or anyone else were truly concerned about it, they’d change ALL report deliveries back to emailed pdfs; perhaps using an encryption system such as GERS like the federal government does.

    While pdf format can also be manipulated it seems to be much harder since it is essentially a picture. Even conversion software takes time to use. If hacked and accessed, pdfs have to be manipulated one at a time rather than having all the component elements already able to be ‘mined’ identified or stripped out.

    I doubt anyone could make a case for appraiser liability in the process. We have fought it in public; and the bottom line is that IF we want to conduct business with a GSE we are required as a condition of doing business with them, to use the delivery format they choose.

    Besides, let someone prove hacking occurred before the CU or other upload portals. Anything after that is on FNMA when they share it back with corelamode.

    4
  6. Baggins Baggins says:

    https://www.stufftheydontwantyoutoknow.com/videos/stdwytk-high-frequency-trading-video.htm

    Indirectly related. I think someone said the housing market should be ran like the stock market, that technological advancements in real estate is inevitable…

    What is high frequency trading? Stuff they don’t want you to know.

    3
  7. Becky Lowell on Facebook Becky Lowell on Facebook says:

    Oh they don’t like having data stolen? Lol LOL … Twas probably you know who.

    5
  8. Mike Ford on Facebook Mike Ford on Facebook says:

    Now THAT is funny. Karma at it’s best.

    1
  9. Becky Lowell on Facebook Becky Lowell on Facebook says:

    Mark Skapinetz yup wonder wink

    1
  10. Avatar Certresid says:

    Oh yeah folks. This is just the beginnings. Once they start hacking the biggies it will spawn out to others.

    Go ahead. Start complying wit the new AMC requests for Appraiser DL and vehicle info. NOT!

    1
  11. Avatar Gail Gardner says:

    I wonder how many know that appraisers are now insisting on photographing every room INSIDE your house? And most probably take those photos with a smart phone that adds a time and date stamp + the exact location the photo was taken.

    That all ends up in the cloud where anyone can hack it. Appraisers are now a dream for robbers, jewelry and art thieves, and even your everyday crook looking for items to turn into fast cash.

    When will someone step up and start a class action suit to stop this invasion of people’s privacy? Few have any idea what the risk is or how high resolution photos are today. They can be blown up to examine every detail and read anything in the photo.

    How many do you want to know every book on your bookshelf and have a copy of every personal photo someone might have hanging on the walls? And as food shortages and inflation continue to get worse, even everyday items that might be sitting in your kitchen could be targeted.

    Appraisers blame their customers. Well someone should be paying to move everything out of our houses and back into it for them to take these photos. And paying for our time and inconvenience, too.

    But the actual solution is the Fourth Amendment being blatantly disregarded. Apparently, they don’t teach that in school anymore. So here is a copy of it in case you have never seen it or could use a refresher:

    ” Fourth Amendment

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

    How secure are you in your home knowing that anyone can demand to come in and take photos of everything you own if you don’t have the means and time to get them out of the house first? Photos that can be viewed in perpetuity (forever) are definitely a “search”!

    Home owners have a choice. Tenants do not. Some law office that wants to make a name for themselves should step up and start a class action lawsuit to stop this.

    0
    • Mike Ford Mike Ford says:

      Gail, there is a very simple solution. Don’t borrow money from lenders if you don’t want to follow their requirements concerning photos.

      As an appraiser, I always take care to avoid ‘shooting’ personally identifiable features (as well as pictures, religious icons, book titles etc.). Is it a perfect system? No. Do I personally care what you read or your race is or your political views? Not at all. Nor am I there to offer commentary on housekeeping. We know we often catch people at inconvenient times. I try to take pictures of physical property issues-not housekeeping issues.

      Do we ever take photos for our own benefit as opposed to lender requirements? Yes. We do it to remember features observed as opposed to the more lengthy process of writing notes. I also explain what I am doin and which photos will never make it beyond my own camera or computer. I dont put any photos up to Titan, CoreLogic’s AlaMode, but I cant guarantee that their software used by me doesn’t (without my specific consent) “grab” them.

      All ANY occupant has to do is let us know that we do not have their permission to photograph anything, or have only very limited permission for each specifically authorized photo.

      Please understand though that when we write down (report to our lender-client) that the owner or tenant refused/declined our request to photograph a property deficiency (a lender requirement) or the quick-release mechanism on window bars or to take representative room photos (lender requirement), in most cases they will not process the loan request further.

      They MAY require that we go back out to the property to take the ‘missing’ photographs. Many (if not most) of us will then charge an additional $150 to $250 for a return trip fee. If you are the owner-borrower it is paid directly by you to the AMC or lender involved. If you are the tenant, it is paid by your landlord.

      In my state, I have to give a tenant 60 days’ notice to vacate. I do not need ’cause’.

      As appraisers, we are not there to intentionally inconvenience anyone. We recognize our presence can be intrusive. We try to minimize inconvenience to all parties when possible.

      No one ‘demands’ to come into your home and take pictures. We ask consent to perform an appraisal. You are 100% within your rights to say “No.” Your lender is then 100% within THEIR rights to also say no to your loan. If you are a tenant you may have to look to your lease but certainly, I would respect any denial of permission to take photos or even to have an appraisal inspection. Then you can discuss ‘rights’ with your own landlord after they are denied their loan for not complying with the lender requirements.

      There is a reason no one comes forth to “make a name for themselves” by fighting a nonexistent ‘violation’ of your 4th Amendment.

      There is a trade-off for people today when it comes to convenience versus privacy, but ultimately it is always YOUR choice. Banks lending from (frequently) $250,000 to many millions of dollars have a right to set the conditions under which they wil lend that money. You as a consumer; property owner or tenant have the right to decide whether or not you are willing to comply with those requirements.

      2

Leave a Reply

We welcome critical posts & opposing points of view. We value robust & civil discourse. You may openly disagree, but state your case in an atmosphere of mutual respect, in which everyone has a right to a particular view about the topic of conversation. Please keep remarks about the topic at hand, & PLEASE avoid personal attacks. If the poster gets you upset, it is the Internet, you can walk away from it.

Personal attacks harm the collegial atmosphere we encourage on AppraisersBlogs.

Your email address will not be published. Required fields are marked *

xml sitemap

Cyber Attacks on Corelogic

by Peter Christensen time to read: 4 min
blank
blank