LandMark White says new SCRIBD leak is sabotage

Embattled property valuation firm LandMark White can’t seem to win a trick.

After finally resuming trading on the ASX after its epic suspension to clean up its affairs and get vital bank customers back on board, the company late on Thursday fessed-up yet again, calling-in the Australian Cyber Security Centre over more valuation documents being exfiltrated and posted online.

This time, according to LandMark White’s ASX announcement, the leaked PDFs “mostly comprise PDF valuation documents and other operationally related commercial documents” found their way onto sharing website SCRIBD and are now in the process of being removed.

However the company says the latest leak is not related to the previous data breach incident that forced it off the board.

Rather, the finger is being pointed at what LandMark White’s management claims is an attempt to sabotage the company with key executives lashing out.

After months of eating humble pie, LMW chairman Keith Perrett unloaded in the Sydney Morning Herald, saying that “Someone is trying to destroy the company."

“This not a serious data breach,” the Sydney Morning Herald reported Perrett as saying, adding that “it's sabotage and I hope the financial institutions will support a good Australian company that has worked incredibly hard to ensure our security systems are as good as any in the world."

The latest imbroglio is also a major headache for the Commonwealth Bank which rode to the rescue of the firm, lending a helping hand to significantly harden its cyber posture and them resuming business with it.

The CBA’s next move could well be the ultimate survival test for the company as the institution sweats the decision on whether to risk brand contamination or curtail the damage and cut the company adrift.

LMW is also arguing that despite its latest confessional, the “secondary incident” doesn’t actually cross the breach disclosure threshold – it’s just doing the right thing to be honest.

“With the assistance of our legal advisors and based on our initial review of the documents posted, we do not believe that this constitutes a notifiable data breach for the purposes of the Privacy Act 1988 (Cth) and the Notifiable Data Breaches Scheme as there is limited private information contained in the documents.

“Notwithstanding this assessment we have updated the Office of the Australian Information Commissioner of the disclosure and undertaken to keep them updated.”

“These documents do not appear to have been taken from LMW through an IT related security breach but may be the deliberate work of an individual known to the LMW business.

“We are treating this very seriously and will work with law enforcement and government agencies as necessary, to confirm the circumstances of this activity.”

Landmark White’s shares were suspended in late February and only resumed trading in early May as a result of the previous incident. On resuming trading, its shares were hammered to a 52 week low as it put the cost of the post-breach systems clean-up at $7 million.

The company continued to trade on Friday.