Housing sector hit by a number of high-profile cyber attacks


August 22, 2022

In recent months the housing sector has fallen prey to several successful cyber-attacks.

In July, hackers infiltrated Bromford Housing Association, who, as a precautionary measure, were forced to shut down its systems. Servicing Central and Southwest England, Bromford has a portfolio of around 40,000 homes and provides service for approximately 90,000 people.

Robert Nettleton, Chief Executive, updated customers on events and said, although precautionary steps were taken, it appeared that the attack had not breached data.

In addition, the UK’s largest housing association, Clarion, was subjected to an attack in June and worked with specialist partners to resolve challenges after disruption to email, phone lines and IT Systems. During this time, Clarion could not deal with customer calls or take payments from tenants over the phone.

Insider housing.co.uk reported that Clarion residents raised concerns about paying rent and home sales potentially falling through after Clarion lost IT systems.

The incident took weeks to resolve, and the landlord said there was no indication that residents’ passwords were compromised during the attack, but investigations were still ongoing.

August also saw Manchester-based ForViva suffer a data breach in which hackers stole data from the social housing group. Liberty and ForHousing, part of ForViva, which manage properties across the northwest, were victims of ransomware attacks.

ForViva confirmed that it became aware of hackers attempting to access systems on the 26th of July. Group Managing Director of Liberty, Ray Jones, confirmed that a small amount of data was compromised during the incident

Ransomware attacks are commonplace in which attackers demand payment to unlock systems or to prevent personal information from being deleted or released to the dark web for sale.

Data harvested can also be used against the victims and breached organisations often see data being used to commit further exploitation. For example, the perpetrators of the Clarion attack may send messages to uses purporting to be Clarion themselves.

According to a poll issued by the Social Housing Action Campaign (SHAC), 84% of residents suffered an increase in phishing activity following the attack, with one tenant claiming to have received thirty-one phishing messages in one week.

In many cases where data breaches occur, these start with social engineering or phishing to gather credentials that allow access to IT systems from which further exploitation and data harvesting can occur. For example, in over 90% of successful breaches, human error plays a pivotal role.

Cybercrime is now a global challenge, and the UK government estimates the cost to the economy is £27bn. All organisations need to be vigilant and adopt secure and robust security solutions, but it is essential also to ensure everyone within an organisation understands the inherent risks they face from phishing emails and malware.

At FourNet we help organisations to understand their vulnerabilities and offer a range of solutions to help sure up security and train staff on how to spot potentially malicious emails and online activities.

Please get in touch if you want to know more about our cyber security services.


How to protect your organisations from cyber attacks.