Hackers gained access to sensitive information about members of the California Association of Realtors (CAR) through a CAR–affiliated Association of Realtors (AOR) website.
CAR’s online store was infiltrated by hackers between March 13 and May 15, 2017, according to the San Diego Union Tribune. CAR affiliates use the online store to purchase real estate forms, publications and CAR merchandise.
Sensitive information pilfered by hackers included member-user’s:
- credit card number;
- credit card expiration date; and
- credit card verification code.
All in all, CAR estimates the information of about 1,000 member-users was stolen.
How did it happen?
CAR’s online store was equipped with malware and virus protection software. However, hackers were still able to infiltrate the system and pillage member-user information for over two months before a user noticed and tipped off CAR.
As penance to its affected members, CAR is offering LifeLock credit card monitoring free for one year, according to the Orange County Register. They have also changed their billing practices, channeling payments through PayPal rather than processing critically sensitive credit card information directly through its site.
Don’t get hacked too — how to protect against hacks and malware
Hacks and stolen payment information have seen a surge in the news recently.
Just in May of this year, DocuSign — used by real estate agents everywhere to electronically submit signatures — reported a hack which led to the sharing of over 100 million email addresses, according to the Monterey County Association of Realtors.
In 2015, the National Association of Realtors reported scammers were hacking into real estate agent and broker emails and sending fraudulent requests for funds to clients.
With real estate business increasingly taking place digitally and exclusively through online platforms, a rise in this sort of malicious activity may seem inevitable. But you can — and need to — protect yourself and your clients from fraud.
Here are some tips to protect you and your clients’ information online:
- do not send information over email like online passwords, bank account numbers or credit card information;
- educate your clients about the dangers of sharing information over email and instruct them to never send sensitive information online, but to call or tell you in-person;
- change passwords and usernames on a regular basis, and don’t use the same ones on multiple sites;
- update software on your computer with each new update, as hackers can (and do) gain access to computers running old versions of software, while newer versions have provided patches for old vulnerabilities;
- never download attachments from unknown sources, as these could be doors for hackers or a virus to enter your computer; and
- regularly check your bank account and credit card statements for unauthorized transactions.
When a hack does occur and your personal information is compromised — as it recently did for some CAR members — notify your bank immediately.
Also, depending on the nature of the hack, consider notifying your clients if you think their information has been compromised or if they need to delete potentially fraudulent emails from a hacker claiming to be you. It’s better to address the breach of security immediately when it is discovered — not two months down the line.