Cyber Incident Victim: LandMark White

On or around January 23, 2019, LandMark White (LMW), a major valuation firm servicing Australian banks, experienced a data breach involving an exposed programming interface on one of its valuation platforms. The breach resulted in the leakage of personal information belonging to up to 100,000 customers, including property valuations, phone numbers, dates of birth, first and last names, residential addresses, and contact numbers of homeowners, residents, and property agents. LMW confirmed the breach was isolated to a single system, contained no loan application details or financial/identity documents, and showed no evidence of misuse. The company closed the compromised interface on January 23 after identifying it as the source. External advisors verified the breach’s containment, with no ongoing suspicious network activity detected. LMW directors and franchise owners subsequently engaged in talks with clients to address identity theft concerns, while chairman Keith Perrett emphasized continuous communication with business partners regarding what he termed a "complex attack."

The incident triggered significant operational and financial repercussions. By February 13–14, 2019, National Australia Bank (NAB), Commonwealth Bank, and ANZ Banking Group suspended their use of LMW’s services, citing customer data security as paramount. LMW’s share price fell 2.3% to 42.5¢ following NAB’s announcement, compounding existing financial strain. Prior to the breach, LMW had already issued a 25% profit downgrade for the first half of FY2019, attributing reduced valuation volumes to tighter APRA credit regulations and lender reactions to the Banking Royal Commission. The breach exacerbated these challenges, though LMW maintained that disclosed data lacked sensitive financial or identity documents and reiterated the absence of evidence regarding misuse of leaked information.