Conveyancing data breach

Conveyancing group Simplify experienced a cyber-attack in November which left thousands of home buyers unable to complete their housing transactions and leaving them at risk of a data breach. The firm’s systems were shut down, leaving some customers unable to exchange, complete or move home. Simplify Group reassured customers that their funds were safe and a police investigation was launched into the breach. Several weeks later, it was reported on Thisismoney.co.uk that customers had still not been told which personal data had actually been breached with some contacting data breach lawyers for assistance in the matter.

So what?

This story highlights how any real estate business can be at risk from a cyber-attack leaving its customers vulnerable to personal data breaches. Planning in advance will allow businesses to get on the front foot if they do fall victim to a breach resulting in a faster response and potentially less damage to the business and brand reputation.

Smart device protection

We saw a positive step forward for data security in November with the government announcing new legislation to improve the security of smart devices in people’s homes. The new rules ban default passwords for internet connected devices which should reduce the risk of them being hacked. This will be overseen by a regulator, which will have the power to fine companies who do not comply up to £10m or 4% of their global turnover.

The Product Security and Telecommunications Infrastructure Bill introduces three new rules:

  • easy to-guess default passwords preloaded on devices are banned. All products now need unique passwords that cannot be reset to factory default
  • customers must be told when they buy a device the minimum time it will receive vital security updates and patches. If a product doesn’t get either, that must also be disclosed
  • security researchers will be given a public point of contact to point out flaws and bugs

According to the BBC, the rules apply to both the manufacturers of digital products and businesses which sell cheap tech imports in the UK. The rules cover a range of devices, including smartphones, routers, security cameras, games consoles, home speakers and internet-enabled white goods and toys. You can read about this in more detail here.

So what?

Hackers are increasingly targeting smart products and devices to hack into people’s homes and access their personal information. This legislation is a good step towards preventing this type of cybercrime. However, we have also seen cases of cyber criminals hacking into corporate offices through smart devices or systems and this highlights the need for business to be vigilant with the security of their own systems.

Fake advertising

The BBC reported here on the story of a woman who paid £1,000 in deposit and rent for a fake rental property advertised on Facebook. Due to covid restrictions, the ‘agent’ told her she was unable to view inside the property. However, she was allowed to look through the windows which confirmed what she had seen online and she signed a contract and sent over her cash. Unfortunately, the keys to the property never arrived and it transpired that she had been duped out of her money.

So what?

Online scams have risen across all sectors during the Covid pandemic. This story highlights the risk of buying assets that aren’t real and the importance of good due diligence, particularly in a world where fake advertising is made easier with technology applications.

And finally….

The UK has a new Information Commissioner, John Edwards, who took over the role in January 2022 from Elizabeth Denham CBE. He was previously Privacy Commissioner for New Zealand. In his first month, he announced a major listening exercise to hear direct from businesses, organisations and people about their experiences of working with the ICO. This will include a survey, as well as a series of events held across the UK. The online survey can be found here.