LandMark White, Australia's largest independent property valuation and property consultancy firm, is reported to have exposed the home loan details of up to 100,000 customers in a recent security breach that the company is blaming on an insecure API. The company is claiming that the vulnerability was patched on January 23rd and that they have no reason to believe the data was disclosed to unauthorized parties.
As a result of the breach, many of the region's largest banking groups (NAB, Commonwealth Bank, and Australia and New Zealand Banking Group) have indefinitely suspended use of the valuer.
In addition to stating that the company has no reason to believe this information was ever accessed by unauthorized parties, they are also hoping to ensure customers that they are taking measures to ensure this doesn’t happen again. In a statement on February 5th, the company had this to say:
“We take the privacy and security of our data very seriously, and we are working closely with cyber security consultants to investigate the circumstances of the disclosure of the dataset,”
As we continue to see evidence of the perils of poor API security, it is more important than ever that companies take a holistic approach to ensuring the privacy of user data. For more help “Understanding The Realities of API Security” make sure to read ProgrammableWeb’s in-depth coverage of the topic.