Second IT contractor charged over LandMark White data breach

A second IT contractor has been charged in relation to two data breach incidents that wiped $50 million from the property valuation company formerly known as LandMark White last year.

Detectives from the cybercrime squad arrested a 39-year-old Arncliffe man on Friday as part of an ongoing investigation into the alleged breaches against the company now known as Acumentis.

The man, who is a software contractor, has been charged with unauthorised impairment of electronic communication, which carries a maximum sentence of 10 years imprisonment. 

The second arrest comes nine months after Stephen Grant, 49, was charged for allegedly accessing Acumentis database without authorisation while employed as an IT contractor.

Grant is facing 24 charges for the unauthorised database access, which exposed more than 170,000 data records, including personal information and valuation records, to the dark web.

Charges include eight counts of dealing with identification information to commit indictable offence and unauthorised access with intent to commit serious indictable offence.

NSW Police said the second alleged offender was charged after subsequent investigations undertaken as part of Strike Force Vide uncovered additional information about a fibre cable.

“Officers uncovered information that a physical fibre cable, which enabled data transmission between two businesses, was severed at a facility at Ultimo on Sunday 31 March 2019,” it said.

“Police were told that electronic communication used by the Australian-based company was impaired for a 10-day period, resulting in significant financial loss.”

Unlike Grant, the second alleged offender has been granted strict conditional bail to appear at Sutherland Local Court on August 18.

NSW Police Cybercrime Squad Commander, Detective Acting Superintendent Gordon Arbinja, said the offences by the two alleged offenders had a “serious” impact on Acumentis.

“The community need to know how serious these offences are and the impact they can have on hard-working Australian businesses and their employees,” he said.

“While the exact financial loss is yet to be determined, it is expected that nearly $50 million in combined market capital and revenue loss can be directed attributed to these offences.”

“In addition, the company incurred a significant human cost – losing around 130 employees through contract terminations or redundancies.

“These alleged actions essentially crippled a company – leaving them without access to critical data for a significant period of time.”

Investigations under Strike Force Vide are continuing.

LandMark White rebranded as Acumentis in December after the data breach incidents cratered shares.