“Lessons must be learned from Simplify data hack” – NAPB
AN urgent review is needed into a data-hack which has created “misery” for tens of thousands of home buyers, a leading property expert says.
Property sales were halted last month when IT systems at the Simplify group, which delivers conveyancing services for leading estate agents including Purplebricks, were hit by a cyber attack.
The hack created “mayhem” in chains across the UK – with some people left homeless or sleeping in the back of cars.
Now the National Association Of Property Buyers (NAPB) is calling for a probe by legal watchdogs to reduce the chances of people falling victim in the same way again.
Jonathan Rolande, of the NAPB, said: “The cyber attack on Simplify is the latest example of how criminals are increasingly targeting the property sector.
This hack created mayhem and misery for many people. There have been calls for a Government-led inquiry into the matter. But this is an issue for the Law Society who need to now urgently review what has happened and alter regulations to cover 21st Century Issues. The hack at Simplify underlines how modern times create modern problems. Whilst it is great we can send thousands of transactions instantly across the globe, this depressing episode exposes what happens when we can’t.”
Mr Rolande said there were also a number of important lessons to learn from the Simplify case.
He added: “When the Simplify Group was unable to work it wasn’t just a problem with software, it was a problem with people. Many of the most common complaints I was told about were not that contracts failed to be exchanged, it was that customers didn’t know what had happened. Ringing a customer and letting them know the current situation would have helped enormously. This is even more important with a house sale – someone’s home is a basic necessity. Why were customers ignored when basic phone systems still were functional? Disaster planning and emergency management is an essential aspect of business. So why was there no Plan B for the Simplify Group? Whilst many things will inevitably go wrong we should focus on recovery and what was learnt from this and we can only hope that a disaster plan is now in place. Penetration testing to ensure that systems are secure should be part of a regular schedule to check for vulnerabilities in systems, this is especially important given the speed of technology and the scale of recent cyber attacks.”
A Simplify spokesman said that the IT attack is now the focus of a criminal investigation.
He said the group is not aware of “personal data being compromised” and assured clients that “money held by us is safe and secure, and is held in an entirely separate system”.
He added: “We had several days at the beginning of the outage with minimal telephone capacity but we now have hundreds of colleagues making calls to clients and this team are calling every client with an update. We regret any uncertainty and disruption that our clients and others may have experienced over the past couple of weeks and now look forward to restoring confidence in our services as we progress their home moves through to completion.”