In April 2011, hackers carried out a cyber-attack on Sony’s PlayStation Network and managed to snag personal information from 77 million users. At that time, it was one of the largest data security breaches in history, and Sony treated the entire attack as an outage until the company finally confessed after the service had been down a full week. It would be the fourth-worst cyber-attack in history, and Sony would face billions of dollars in lawsuits and damages. Oddly, the company elected to offer only access to games as compensation initially, despite leaders from many countries criticizing the company for failing to notify victims of the attack.
Ultimately, the case against Sony was dismissed by a California judge who said that “there is no such thing as perfect security” although the U.K. charged the company a £250,000 penalty for putting its customers’ security at risk. Sony did eventually implement a $1 million identify-theft insurance policy for users. The outage and attack ultimately cost the company about $171 million, according to Sony’s public statement on the topic.
Today, no company or individual experiencing a breach like this one should expect to get off nearly this easy. As National Association of Realtors (NAR) staff attorney Maame Nyamekye explained, “You’re putting your livelihood at risk if you’re asleep at the wheel when it comes to creating a data security plan, especially as the real estate industry faces growing cyberthreats.” She added, “A data security breach could potentially hurt your business financially, lead to a lawsuit, and tarnish your reputation.”
Although real estate investors and real estate professionals participate in a financial transaction that is, for many people, the biggest they will ever conduct in their lifetime, only about one-third of real estate-sector companies report having official programs in place to “detect, prevent, and respond to fraud threats,” reported tax services firm KPMG.
For real estate professionals and those engaged in real estate transactions, fraud, compliance risk, and cyberattacks are the biggest threats to business. These three issues create what KPMG calls a “threat loop” that can overwhelm a company with financial losses, regulatory issues and related losses, and the destruction of a professional reputation.
“Despite the potential for calamity, the majority of U.S. companies are not ready to fight the threat loop,” observed KPMG forensic service network leader Amanda Rigby.
According to Nyamekye, real estate professionals should be aware of the following:
- Where personal information on clients is stored and who can access it
- How long that information is retained and how it is destroyed (did you know your state probably has laws governing the destruction process?)
- What safety measures your company has in place to protect clients’ personal information and prevent unauthorized access