Shares in property valuation data firm LandMark White will stay suspended from trading on the ASX for up to a month in the wake of the revelation of a data breach that has prompted major banks to pull their business as questions continue to emerge over the extent of data loss and disclosure.
LandMark White company secretary John Wise told the ASX on Tuesday that the company could not guage the financial impact of the hack because it did not yet know if its customers would return.
“LMW has been suspended from receiving work from a significant number of our clients which is impacting our revenues, profitability and cashflows,” Wise said.
“At this point in time we are unable to ascertain when these clients will reinstate LMW and hence when LMW will be in a position to assess with any certainty the financial impact of the Incident.”
Both CBA and the ANZ are understood to have suspended use of the service, with ANZ going public about its action.
Around “137,500 unique valuation records, and approximately 1,680 supporting documents” were taken as a result of the incident and later emerged on the dark web, the company said in a statement, though it was at pains to stress data of birth and credit card details were not in the mix.
“Although we do not know the identity of the individual, our investigations reveal that an unknown third party posted the dataset on a dark web forum on or about 11.57pm GMT, 31 January 2019, which has since been taken offline on or about 8.08pm GMT, 10 February 2019.
“We do not know how many people accessed the dataset throughout the approximately 10 days that it was available on the dark web, LandMark White’s statement on the incident said.
The company has also taken a direct swipe at the material effect of mandatory breach notification obligations, especially the coverage and noise they generate.
“LMW anticipates that continued public commentary does not allow for an informed market for trading in LMW securities,” White said.
Those comments underscore previous concerns raised about the operation and effects of breach reporting mechanisms by senior cyber officials including Alastair MacGibbon, the head of the Australian Cyber Security Centre that companies can be inadvertently punished for doing the right thing.
The nature of the current notification regime, which is intended to limit cyber damage and speed remediation by requiring disclosure, has arguably created a publicity pipeline of incidents that are now routinely exploited as a free marketing opportunity by security vendors big and small.
