The exposed database contained a total 1,523,776,691 records with a size of 1.16 TB. The data was organized in various folders according to: property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgments, obituary (death), vacant properties, and more. The folders contained information on property owners, sellers, investors, and what appeared to be internal user logging data that included name, physical address, phone number, provider, and what was downloaded from the database. The logging records indicated that the files belonged to a company named Real Estate Wealth Network.
Property tax records serve a crucial purpose in local governments, providing essential information necessary for the functioning of a community and its administrative processes. Despite containing sensitive personal data, these records are needed for several reasons:
- Tax Assessment and Revenue Generation: Property tax records are the basis for determining the fair value of properties within a jurisdiction, which is used to calculate property taxes. These taxes contribute to funding essential public services like schools, infrastructure, emergency services, and community programs.
- Ownership and Legal Documentation: Property tax records contain vital information about property ownership, legal descriptions, parcel numbers, and historical data related to property transactions. This data is fundamental for maintaining accurate ownership records and ensuring legal compliance.
- Urban Planning and Development: Governments and city planners use property tax records to analyze trends in real estate ownership, evaluate property development, and plan for urban growth. These records aid in making informed decisions about zoning, land use, and community development.
Despite their importance, property tax records also pose privacy risks if accessed or misused by cybercriminals:
- Identity Theft and Fraud: Property tax records contain personal information such as names, addresses, property values, and sometimes social security numbers. Cybercriminals could exploit this data for identity theft, creating fraudulent accounts, or conducting financial scams.
- Targeted Scams and Social Engineering: Information from property tax records could be used to craft convincing phishing attempts or social engineering attacks. Criminals might use property-specific details to manipulate homeowners into revealing more personal information or falling for fraudulent schemes.
- Physical Security Risks: Detailed property records might inadvertently disclose vulnerable details about an individual’s wealth or property conditions, potentially making them targets for physical burglary or exploitation.
To mitigate these risks, governments and organizations responsible for maintaining property tax records should prioritize robust cybersecurity measures. This includes encryption of sensitive data, regular security audits, employee training on data protection, and compliance with privacy regulations. Additionally, individuals should stay vigilant against potential threats, regularly monitor their financial statements, and be cautious about sharing personal information online or with unknown sources.