Housing association residents hit by phishing emails after Plentific cyber attack

The emails were sent after Plentific detected unauthorised access to its system in which email addresses of some residents were accessed. Emails were then sent out by the scammers claiming to be Plentific and asking for the transfer of digital currency to pay for repairs.

Plentific said it could not disclose how many tenants were affected, but confirmed that not all client or tenant data had been impacted.

It added that it immediate took action to remediate the issue, informed all potentially impacted parties and took a number of steps to prevent any further activity, including engaging with third-party cyber security and privacy experts.

The platform has continued to monitor its systems and has not found any evidence of unauthorised access or suspicious activity.

All of the landlords affected have now contacted the Information Commissioner’s Office and the Regulator of Social Housing. They have also spoken to affected residents to provide support and advice.

The associations said the majority of phishing emails that were sent to residents would have gone straight into their spam folders due to the emails including the word bitcoin within the body text.

However, L&Q has now suspended all new work with the platform until it has completed an investigation into the incident.

A spokesperson for the 105,000-home landlord said: “We have contacted every household whose data is held by them [Plentific] to make them aware of the possible risk and provide them with advice and guidance to protect them against potential fraud and minimise any inconvenience or concern that the breach may have caused them.

“We will continue to keep residents updated as we receive more information.”

Notting Hill Genesis said it is not aware of any residents being adversely affected by the incident, but that in the interest of transparency it has written to all residents who did receive an email to let them know what happened and told them to be alert for suspicious emails.

A Peabody spokesperson said: “We take data security extremely seriously and wrote to all residents as a precaution and as a reminder to be alert to any suspicious communications.”

A spokesperson for PCHA said it has been in regular contact with Plentific and has received assurances that the issue had been resolved.

They added: “Plentific hold very limited contact data on our behalf, but we are aware that 18 PCHA residents email addresses were affected. We have been in touch with these residents directly, but it appears that these emails ended up in their spam folders and, to our knowledge, none have suffered any loss from this breach.”

Legal & General (L&G), the investment giant which also owns thousands of homes, said that it is now temporarily pausing a feasibility trial with Plentific until the issues were sorted. L&G said the trial did not involve any resident data so its residents were not affected.

Founded in 2013 by Emre Kazan and Cem Savas, London-based Plentific offers a dynamic purchasing platform that can see multiple small businesses provide quotes for social landlords which can then decide the best person for the job and send them to the affected property.

The news of the cyber attack comes just a week after the company raised $100m in Series C funding to support its expansion into the US and other international markets.

A Plentific spokesperson said: “We take the security of our clients’ data incredibly seriously and are working closely with all those impacted to advise on the extensive steps we have taken, and continue to take, to ensure a similar incident will not occur in future.”