A November cyber attack has Limited Realty warning its clients their data may have been breached.
Staff member likely had password compromised, Markham company says
Markham-based Living Realty is warning its clients that their personal information may have been breached in a November cyberattack.
A letter from the company dated Jan. 14 warns that hackers gained access to purchase and sales agreements, mortgage approvals, cheques, driver’s licences, passport information, social insurance numbers and the forms that real-estate brokerages file to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the agency in charge of tracking and preventing money laundering.
“The breach was likely the result of a staff member who had their password compromised, which was then used to exploit entry into our systems,” said the company’s notice. Living Realty did not return calls or an email from the Star.
The information in the company’s database dates back at least five years, according to an application filed with the Ontario Superior Court of Justice by one client, who would be the plaintiff in a proposed class action suit.
The client, who received the letter from the brokerage outlining the breach, sold a downtown Toronto condo in May 2015 and bought a house in Markham that summer through Arthur Wong of Living Realty. The claim alleges that Living Realty failed to comply with privacy regulations and protect its client’s personal information.
The case has to be certified as a class action before it can be brought forward on behalf of others whose data was compromised, said Ted Charney, the lawyer representing the condo seller in the proposed class action.
“In my opinion, the client information accessed in this breach is highly sensitive. In the wrong hands it can be used to commit identity fraud, title fraud, mortgage fraud or to cause damage to your credit reputation,” Charney said in a news release on Friday.
Living Realty’s letter to clients does not offer any credit monitoring to those affected by the breach, but it advises them to monitor their own credit reports and account statements for up to three years.
The industry’s regulator, the Real Estate Council of Ontario, would not say how often privacy breaches occur in the sector.
The Office of the Privacy Commissioner of Canada confirmed it has been in communication with Living Realty and has requested more information to determine next steps.
“The law requires that notification to individuals be given as soon as feasible after the organization has determined that a breach of security safeguards involving a real risk of significant harm has occurred,” it said in response to questions from the Star.
Under Canada’s privacy laws, organizations may only keep personal information for as long as it is needed to serve those purposes, it wrote.
Living Realty’s website says the company was formed in 1980 and has more than 700 employees and agents.