
RE/MAX, an international real estate network with over 9000 offices worldwide, has allegedly been breached by Medusa ransomware, a major threat actor targeting large organizations. Medusa released samples of files and demanded a $200,000 ransom for the erasure of the remaining 150GB.
The breach is not yet officially confirmed.
On Tuesday, Medusa Ransomware posted RE/MAX on its leak site on the dark web, claiming it had exfiltrated 150GB of data. A countdown timer leaves less than 18 days to pay up before the data is released publicly.
The attached screenshots expose some real estate agents from various countries and include personal data, such as full names, photos, anniversary data, year-to-date commissions, monthly billing data, business phone numbers, email addresses, and other contact data, which are likely public and used for communication with clients.

Internal documents expose the amounts paid out to real estate agents, their classification, quotas, and fee structure. The dates in the documents indicate the data is from 2021-2023.
Other screenshots include photos and schematics of properties’ layouts, as well as one franchise termination letter.
“The available data doesn’t appear to be super sensitive or valuable. However, the data sample is small, and the rest of the 150GB leak might contain more sensitive data. A big leak from a major real estate company shows serious failure in data governance,” said Nojus Girdenis, security researcher at Cybernews.

Cybernews security researchers warn that the stolen data could potentially be used in identity theft, financial fraud, and highly targeted phishing.
“RE/MAX’s customers could even suffer from property scams. In this case, the company could face financial damage (ransom payments, possible fines, legal fees, etc.), operational disruption, and reputational damage,” Girdenis said.
While Medusa expects $200,000 from potential data buyers, it also offers an option to extend the deadline by one day for $10,000.
Cybernews has reached out to RE/MAX for a comment and will include its response.