Cyber Attacks on Corelogic

  • 262
Peter Christensen
Latest posts by Peter Christensen (see all)

Cyber Threats Are Real Risks to Appraisal Firms. Corelogic's Data HackedRecent Cyber Attacks on CoreLogic and a Large Appraisal Firm Expose a Real Business Risk to Valuation Firms and Companies.

As two recent attacks show, cyber crimes pose a real risk – legally and economically – to appraisal firms, management companies and other businesses involved in property analytics. If an operation like CoreLogic can be victimized by criminal hackers seeking property information, as it was in an attack earlier this month, any valuation firm or property analytics company is at risk. And, more seriously, the losses suffered by an appraisal firm in the separate cyber attack discussed below demonstrate how devastating the financial harm can be from an attack that spills valuation data onto the “dark web.” That appraisal firm, with 350+ commercial and residential appraisers in Australia, has been suspended for new appraisal orders by the four biggest banks in that country and by other clients as well.

CoreLogic’s “Risk Meter” Database Hacked

Last week, property analytics company CoreLogic filed a unique lawsuit in U.S. District Court, disclosing that it had been victimized by a malicious hacking of one of its many databases. Perhaps it was because of the innocuous case title (CoreLogic, Inc. v. John Does 1-10), but I haven’t yet seen any public media reporting about the case, as of today February 28. In the lawsuit, Corelogic sued 10 defendants, named John Does 1 through 10. The reason that all of the defendants are identified as “John Does” is that CoreLogic does not know the actual identity of any of the persons it is suing. All that CoreLogic knows about them is that they hacked into a CoreLogic database used for a property analytics application called “Risk Meter,” copied the contents, and stole the data by moving it to an external server. And, it knows the IP addresses from which the attacks may have been staged.

Here are the specific allegations from CoreLogic’s complaint:

Allegations from CoreLogic's complaint

CoreLogic says that the Risk Meter application provides “natural hazard risk reports and highly granular risk data, including data that could identify information associated with particular real properties.” Within the stolen data are “client user identification and password information, user information, and real property data.” It does not appear to be a critical or material problem for CoreLogic. There is no indication that any data spilled publicly or that it involved consumer records. That’s probably because CoreLogic has a capable tech and legal team – most other valuation firms and companies don’t have the same resources to deal with criminal hackers.

The immediate action that CoreLogic’s capable lawyers (O’Melveny & Myers) are pursuing is for permission from the federal court to serve subpoenas on the two web hosting companies associated with the IP addresses tied to the hackers. CoreLogic hopes that this will enable the hackers to be identified and that CoreLogic can then name them in the lawsuit to seek appropriate injunctions and damages.

Cyber Attack on Appraisal Software Platform Puts Valuation Data on the “Dark Web”

In a separate, more consequential matter, an appraisal firm LandMark White (or LMW), one of the largest in Australia with 350+ appraisers, announced earlier this month that it had been victimized by an extensive cyber theft of data relating to valuation services performed over as much as an eight-year span from 2011 to 2019. In this incident, the company says that cyber thieves accessed the valuation data in one of the company’s software platforms “via an exposed programming interface” and that the data ended up being made “publicly available on the dark web” by the thieves. Coincidentally, in one of its initial descriptions of the situation, LandMark White stated that it was alerted to the data theft by CoreLogic. Unfortunately, LandMark White has had to disclose that it failed to act on some of the other early warnings it received, including posts on Twitter about the hacked data.

LandMark White has indicated that the dataset contains:

  • approximately 137,500 unique valuation records, and approximately 1,680 supporting documents.
  • approximately 250,000 individual records in total but a lot of records are duplicates.
  • the date of the documents range between approximately 4 January 2011 and 20 January 2019.

To say the least, this is a giant problem for the firm. For one thing, the firm has had to publish a notice to potentially affected consumers informing them: “If you are concerned, you should consider requesting that a ‘credit ban’ be put in place while you investigate further…” Australian news reports have indicated that the firm’s banking clients may have to notify over 100,000 borrowers. Another problem is that many of the firm’s largest clients – including Australia’s four biggest banks – have suspended placing any further appraisal orders with the firm. The firm has stated “we are unable to ascertain when these clients will reinstate LMW and hence when LMW will be in a position to assess with any certainty the financial impact of the incident.” And, finally, since the firm is a public company in Australia, after an immediate drop in its stock price as the attack became public, the trading in its stock has been suspended until further notice. If this occurred in the United States, consumer and shareholder class actions would surely follow next.

So, that’s the stark reality. Cyber threats are real risks to appraisal firms and to any businesses involved in valuation or property analytics. The risks concern both liability exposure and business economic losses. Any firm is certainly at risk, given that a powerhouse like CoreLogic itself can fall victim. At this point in time, however, I would estimate that fewer than 1% of appraisal firms in the U.S. carry any meaningful cyber crime coverage and that fewer than 5% of appraisal management companies carry it. This kind of coverage is neither difficult to obtain nor expensive – some experts have said that insurance carriers are not yet pricing the developing risk sufficiently (in other words, the coverage is a good value for the insured).

Image credit flickr - Frank Lindecke
Peter Christensen

Peter Christensen

Peter Christensen is an attorney, licensed in California and Washington. His legal practice primarily serves the real estate valuation community - Valuation Legal. He's the author of Risk Management for Real Estate Appraisers and Appraisal Firms, published by the Appraisal Institute.

You may also like...

14 Responses

  1. Ross Grannan on Facebook Ross Grannan on Facebook says:

    Core Logic is so big now of course they are a target for hackers. So much much for the vault at a la modes web site and the data master, smart exchange, if that gets hacked? Good times.

  2. Baggins Baggins says:

    Hey, Corelogic is the MLS provider in Denver, Colorado! I told them something like this would happen.

  3. Avatar SB says:

    This explains why CLGX stock tanked the other day.

    And of course no explanations or statements from their IDIOT CEO who sold 10,000 shares of stock last week.

    I would bet there have been numerous attacks we know nothing about.

    Core Logic, FNMA, Freddie are all “Pearl Harbors” of data.

    Frank Martell CEO parted with a total of 10 thousand shares of CoreLogic, Inc. (CLGX) at average share price of $40.01. This insider trade in the company took place on 02/21/2019. The total for the sales was set at $400.1 thousand. After this transaction, the President & CEO account balance stood at 262.34 thousand shares.

    The stock lost -7.95 percent since that insider sale.

  4. Ross Grannan on Facebook Ross Grannan on Facebook says:

    They control the MLS in all of Connecticut, they haven’t bought up Berkshire County MLS yet. This is some serious fraud waiting to happen, especially if Banks get their way with remote hybrid appraisals.

  5. ROFLM*O!

    I’m finding it difficult to gin up any sympathy or even empathy for a company that is infamous for its own data thefts from appraisers BEFORE FNMA licensed it to ‘steal’ our data without our permission.

    While Peter points out a very serious and real risk with online and cloud data storage; one that has been known to affect even the Pentagon, if federal regulators or anyone else were truly concerned about it, they’d change ALL report deliveries back to emailed pdfs; perhaps using an encryption system such as GERS like the federal government does.

    While pdf format can also be manipulated it seems to be much harder since it is essentially a picture. Even conversion software takes time to use. If hacked and accessed, pdfs have to be manipulated one at a time rather than having all the component elements already able to be ‘mined’ identified or stripped out.

    I doubt anyone could make a case for appraiser liability in the process. We have fought it in public; and the bottom line is that IF we want to conduct business with a GSE we are required as a condition of doing business with them, to use the delivery format they choose.

    Besides, let someone prove hacking occurred before the CU or other upload portals. Anything after that is on FNMA when they share it back with corelamode.

  6. Baggins Baggins says:

    Indirectly related. I think someone said the housing market should be ran like the stock market, that technological advancements in real estate is inevitable…

    What is high frequency trading? Stuff they don’t want you to know.

  7. Becky Lowell on Facebook Becky Lowell on Facebook says:

    Oh they don’t like having data stolen? Lol LOL … Twas probably you know who.

  8. Mike Ford on Facebook Mike Ford on Facebook says:

    Now THAT is funny. Karma at it’s best.

  9. Becky Lowell on Facebook Becky Lowell on Facebook says:

    Mark Skapinetz yup wonder wink

  10. Avatar Certresid says:

    Oh yeah folks. This is just the beginnings. Once they start hacking the biggies it will spawn out to others.

    Go ahead. Start complying wit the new AMC requests for Appraiser DL and vehicle info. NOT!


Leave a Reply

We welcome critical posts & opposing points of view. We value robust & civil discourse. You may openly disagree, but state your case in an atmosphere of mutual respect, in which everyone has a right to a particular view about the topic of conversation. Please keep remarks about the topic at hand, & PLEASE avoid personal attacks. If the poster gets you upset, it is the Internet, you can walk away from it.

Personal attacks harm the collegial atmosphere we encourage on AppraisersBlogs.

Your email address will not be published. Required fields are marked *

xml sitemap

Cyber Attacks on Corelogic

by Peter Christensen time to read: 4 min