By Harris Freier
On Sept. 7, 2022, the government of Suffolk County, New York, became the victim of a ransomware attack. The attack allowed hackers to access personal data of Suffolk County citizens and resulted in the shutdown of many critical Suffolk County resources. Weeks later, the County is still working to rebuild servers and infrastructure so that these resources can be brought back online. This blackout has impacted everything from Suffolk County schools to real estate.
Most real estate transactions have been on indefinite hold in Suffolk County since the attack. Because government websites and databases are shut down, most buyers and lenders have been unable to check titles and ensure that they are free from any encumbrances. The filing of titles is also delayed, as buyers cannot use the County’s online systems to record their claim. In a state like New York that prioritizes the first filed title claim, this could have serious implications if a dispute regarding title arises. Buyers and sellers alike may face unexpected financial consequences, such as losing contracts or needing to find temporary housing, if they cannot close their deals on time. This comes at a particularly bad time as mortgage interest rates are increasing, and the title delays are causing corresponding financial harm to buyers.
Cyber criminals target real estate
The real estate industry has become a growing target for cyberattacks. Real estate transactions require valuable and sensitive information, including personal and financial details for buyers, sellers and real estate organizations. Many of these transactions require that sensitive files, such as credit reports and mortgage documents, be transmitted over email and mobile devices or accessed through cloud storage services. In the case of Suffolk County, hackers used their access to the County’s servers to steal this information, among other records, and have threatened to release it online if the County does not pay a ransom.
In 2015, a Manhattan-based real estate company discovered that a hacker had infiltrated their database of commercial properties nearly 200 times in one year. Because these files are usually secured by a paywall, the company suffered over $350,000 in damages from the unauthorized access. Six years later, in 2021, real estate and property management firm Douglas Elliman discovered that its systems had been breached. This breach exposed sensitive data, including individuals’ Social Security numbers, passport details and financial and banking information.
Defending against cyberattacks
Real estate organizations should be prepared to prevent or mitigate possible cyberattacks. This may involve investing in a cybersecurity audit to pinpoint and address vulnerabilities, which many real estate organizations may not be aware exist. For example, First American, the nation’s leading title insurance company, became aware that it had unintentionally left nearly 900 million customer records vulnerable to unauthorized access between 2003 and 2019 after an unconnected developer discovered the security risk. A cybersecurity audit could have alerted First American to this issue much sooner.
Cybersecurity training is also imperative to preventing a data breach. Many organizations are first attacked because employees or associated entities are not familiar with hackers’ methods and tricks. Phishing emails, for example, catch many individuals off guard and result in extensive data breaches for companies. Real estate organizations should ensure that their employees are aware of the cybersecurity risks in this field.
Bottom line
Though real estate organizations were not directly targeted in the Suffolk County hack, they, along with buyers and sellers, are facing the consequences. The hack in Suffolk County has caused the local real estate industry to temporarily shut down, and many individuals are left to wonder if their records were accessed. The real estate industry is an increasingly attractive target for cyberattacks because of the sensitive records that are involved in real estate transactions. These records often contain highly sensitive data, including financial and personally identifying information, that must be secured against unauthorized access. All companies involved in real estate should invest in cyber insurance and seek legal counsel as necessary if and when breaches occur.
For more information and guidance to deal with cybersecurity issues and related matters, please contact Genova Burns LLC Privacy & Cybersecurity Practice Chair Harris Freier via email here or call 973-535-2079.
