Cyber Incident Victim: Foxtons Group
Date: Oct 2020
Location: United Kingdom
Summary
A malware attack compromised a UK estate agency group, exposing customer financial details, addresses, and private correspondence on the dark web. The breach impacted a mortgage broking subsidiary, with approximately 16,000 pre-2010 records—including partially active payment cards—viewed thousands of times. While the company asserted forensic analysis confirmed the stolen data was outdated, incomplete, and posed no financial risk, cybersecurity experts contested this, warning that 20% of exposed card details remained valid and required immediate consumer notification. The firm reported the incident to regulators, maintaining full compliance and transparency, but faced criticism for delayed customer disclosures and potential regulatory penalties following an ongoing investigation.
Description
The Foxtons Group, a UK-based estate agency and parent company of mortgage broker Alexander Hall, experienced a malware attack on October 10, 2020. Two days later, on October 12, 2020, compromised customer data appeared publicly on the dark web. The exposed records included 16,000 payment card details, physical addresses, and private correspondence such as records of paid fees, primarily from customers who had engaged with Foxtons Group services before 2010. Forensic analysis indicated the attacker exfiltrated this historical data during the October intrusion. The dark web listing remained accessible for at least four months, accumulating over 15,000 views by February 2021. Foxtons initially downplayed the breach’s severity, publicly stating in October that no sensitive customer information had been stolen and asserting subsidiary Alexander Hall was the only affected entity.

Subsequent investigations revealed Foxtons became aware of the dark web exposure by January 2021 but did not proactively notify impacted customers during the following month. Independent analysis by ProPrivacy confirmed 20% of the leaked payment cards remained active, creating ongoing fraud risks. The company maintained the stolen data was "old and incomplete," arguing it couldn’t facilitate financial harm or third-party misuse. Foxtons disclosed the breach to the UK Information Commissioner’s Office (ICO) and Financial Conduct Authority (FCA) in 2020, asserting regulatory compliance. Digital privacy experts contested the company’s risk assessment, noting the hacker advertised pre-2010 records publicly while allegedly selling newer data privately. The ICO initiated an investigation into Foxtons’ breach notification practices and data handling procedures, though no fines had been imposed as of the February 2021 disclosure.
