Housing providers hit by crypto scam after cyber attack
A proptech company that has just completed a $100m (£73m) fundraise to back global expansion is fighting to keep some of its biggest UK clients after a cybersecurity attack exposed them to a crypto scam.
Housing associations L&Q, Notting Hill Genesis, Peabody and Penge Churches have had tenant data stolen from proptech partner Plentific, while Legal & General Affordable Homes has suspended its own work with the company.
Plentific helps housing providers to manage repairs and maintenance digitally. The company oversees more than 350,000 properties in the UK, the US and Germany, with other clients including Knight Frank and Hammersmith & Fulham Council.
A proptech company that has just completed a $100m (£73m) fundraise to back global expansion is fighting to keep some of its biggest UK clients after a cybersecurity attack exposed them to a crypto scam.
Housing associations L&Q, Notting Hill Genesis, Peabody and Penge Churches have had tenant data stolen from proptech partner Plentific, while Legal & General Affordable Homes has suspended its own work with the company.
Plentific helps housing providers to manage repairs and maintenance digitally. The company oversees more than 350,000 properties in the UK, the US and Germany, with other clients including Knight Frank and Hammersmith & Fulham Council.
Plentific was hit by a cyber attack on its system at the end of last month, with tenants’ contact details stolen in the data breach. Some of those tenants have since received phishing emails from scammers that appear to be from Plentific or their housing association, advising them to pay for repairs and maintenance in cryptocurrency. L&Q, Notting Hill Genesis and Penge Churches warned residents of the threat earlier this month.
Peabody, Notting Hill Genesis and L&Q have reported the incident to the Information Commissioner’s Office and the Regulator for Social Housing.
A Plentific spokesman said the company is taking “extensive steps… to ensure a similar incident will not occur in future”.
A spokesman for L&Q said residents’ safety is its “number-one priority” and that it is “working closely with Plentific to understand what caused this incident”.
They added: “Pending the outcome of these investigations, we have suspended all new work with Plentific and stopped uploading data to its system, with the exception of any data required to complete any work already in progress.”
Legal & General Affordable Homes, which was working on what a spokesman called a “feasibility platform” with Plentific, has also suspended its work with the company.
“We have paused our pilot with Plentific while we further investigate the impacts of the data breach and continue to prioritise high-quality customer service, security and wellbeing for all our residents,” the spokesman said.
A Notting Hill Genesis spokesman said: “We are aware that some Notting Hill Genesis residents could have received a phishing email requesting the transfer of digital currency, claiming to be from our repairs partner Plentific. We are not aware of any residents being adversely affected by the incident. For the majority of cases, it is likely that any such email went straight into spam folders.
“In the interest of transparency and as a precaution, we have written to all residents we understand were sent the phishing email to let them know what has happened and to ask them to be alert for suspicious emails.”
Peabody also said its tenants may have been affected by the data breach and received phishing attempts via emails and texts.
“These emails and texts may have been sent to a small number of Peabody residents, and are likely to have ended up in spam folders due to the content being about bitcoin,” a Peabody spokesman said. “We take data security extremely seriously and wrote to all residents as a precaution and as a reminder to be alert to any suspicious communications.”
A Plentific spokesman said: “On 26 July, Plentific detected unauthorised access that resulted in phishing emails being sent to some contacts within the Plentific database. We immediately took action to remediate the issue, informed all potentially impacted parties and took a number of steps to prevent any further activity, including engaging with third-party cybersecurity and privacy experts. We are unable to comment on how many customers have had tenants affected, but we can confirm not all client or tenant data was impacted.
“We have continued to actively monitor our systems for any evidence of unauthorised access and no further suspicious activity has been identified. We take the security of our clients’ data incredibly seriously and are working closely with all those impacted to advise on the extensive steps we have taken, and continue to take, to ensure a similar incident will not occur in future.”
Plentific was founded in 2013 by chief executive Cem Savas and chief technology officer Emre Kazan. This week the company said it had secured $100m in new funding from new and existing backers including A/O PropTech, Target Global, Highland Europe and Brookfield Technology Partners to help it expand in the US.
Announcing the funding round, Savas said Plentific has “only just scratched the surface of a $2.5tn potential market opportunity”.
To send feedback, e-mail tim.burke@eg.co.uk or tweet @_tim_burke or @EGPropertyNews
Photo © Pixabay
