Real Estate at Risk: Industry Vulnerable to Data Breaches

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

Last updated:

In 2018, the company that manages the Brooklyn condominium where cybersecurity expert Roman Sannikov lives was hacked.

The hacker locked down the property manager’s IT system and demanded the company pay a ransom to get back in. Sannikov, who leads a team of analysts scouring the dark web for intel on cybercrime and hacktivism, wasn’t personally affected by the breach; he pays his maintenance fees the old-fashioned way: by check. But as a member of the condo’s board, he had to notify residents and contend with the aftermath.

Yet Sannikov found that many of his neighbors simply shrugged off the news. “People didn’t pay attention to [it] as much as they should have,” he said.

A similar situation is playing out on a larger scale following last month’s data breach at Douglas Elliman’s property management arm. The company detected the breach in early April and notified residents and employees of the 390 properties it represents that their personal and financial information may have been exposed. Thousands of New Yorkers, many of whom reside in luxury condominiums and white-glove co-op buildings, may have had their data compromised.

But since the breach was revealed, there has been little outrage or concern expressed publicly by those who may have been affected.

Sannikov is just as surprised by that reaction as he was when his building was targeted. Attacks have gotten more dangerous since then, and residents of the well-heeled properties managed by Elliman’s firm face higher risks.

“A breach frequently isn’t the end of malicious activity,” said Sannikov. “It’s just the beginning.”

What’s at stake

In April, more than 500 million Facebook users had their dates of birth, phone numbers, employer information and locations hacked. It’s just the latest in a long list of massive data breaches, which often occur years before the affected parties are notified.

For example: Three billion Yahoo users had their personal information exposed in a 2014 breach that the company only acknowledged two years later. The extent of the incident wasn’t fully known until 2017. The same year,…