Original Post from InfoSecurity Magazine
Data Thieves Hit California Property Management Company
A California property management company has been targeted by data thieves operating out of the San Diego area.
An online database belonging to Wolfe & Associates, Property Services, was compromised by cyber-criminals in a data breach that may have occurred as many as six months ago.
The company was unaware that a breach had taken place until it was notified by the Santa Barbara Police Department on March 5.
In a statement released on April 3, Wolfe & Associates said that it was now working with the police “to determine the extent of the information that was obtained.”
Police advised Wolfe & Associates that thieves may have obtained a wide variety of data belonging to the company’s customers. This information could include rental applications that contain personal information such as name, date of birth, Social Security number, driver’s license number, and home address.
“The Santa Barbara Police Department has been investigating the matter and informed us that the thieves likely used ‘strong-arm’ tactics to force breaching of security measures that were in place,” said a spokesperson for Wolfe & Associates.
“On March 23, 2020, the police provided us with information about the identity of potentially affected applicants, including a list of their email addresses. Notice has been sent to those individuals.”
The company said that “people applying for apartments in Isla Vista after February of 2018, 2019 and 2020” have not been impacted by the breach.
The culprits behind the attack, after targeting online databases belonging to several companies, have now been arrested.
A spokesperson for Wolfe & Associates said: “According to the police, the suspects appear to have a history of obtaining personal information and using it to submit fraudulent insurance claims, among other things.”
Wolfe & Associates manages over 30 Isla Vista properties, many of which are rented to students.
A fourth-year University of California student who leased with Wolfe & Associates from 2016 to 2018 told Daily Nexus: “The main concern is the cosigners. If my data was breached, my parents are my cosigners so the likelihood of their socials being taken as well are very high.”
Since learning of the breach, Wolfe & Associates has transitioned their website onto an entirely new platform that includes an integrated and secured system for collecting, processing, and storing applications.
Go to Source