Anywhere Real Estate Hit by Clop Ransomware Attack, Exposing 17,429 Customers
In August, Anywhere Real Estate disclosed a data breach affecting 17,429 customers, following an attack by the Clop ransomware gang. The cybercriminals infiltrated the company’s Oracle E-Business Suite environment, accessing and potentially exfiltrating sensitive customer data. A breach notification filed with the Maine Attorney General’s Office confirmed the incident, though details on the exact nature of the compromised information remain limited.
Clop, a well-known ransomware and extortion group, has been linked to multiple high-profile attacks, often targeting vulnerabilities in enterprise software. The breach at Anywhere Real Estate parent company of brands like Coldwell Banker, Century 21, and Sotheby’s International Realty highlights the growing threat to real estate and mortgage sectors, where vast amounts of personal and financial data are stored.
The company has since notified impacted individuals, but the full scope of the breach’s consequences including potential identity theft or fraud remains unclear. This incident follows a broader trend of cyberattacks on real estate firms, underscoring the industry’s vulnerability to sophisticated ransomware operations.
Source: https://www.linkedin.com/pulse/property-records-tech-draws-fresh-vc-interest-anywhere-sacue
Anywhere Real Estate Inc. cybersecurity rating report: https://www.rankiteo.com/company/anywhere-real-estate-inc
Sotheby's International Realty cybersecurity rating report: https://www.rankiteo.com/company/sothebysrealty
"id": "ANYSOT1770810849",
"linkid": "anywhere-real-estate-inc, sothebysrealty",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '17,429',
'industry': 'Real Estate',
'name': 'Anywhere Real Estate',
'type': 'Corporation'}],
'attack_vector': 'Vulnerability in enterprise software',
'customer_advisories': 'Notified impacted individuals',
'data_breach': {'data_exfiltration': 'Potential',
'number_of_records_exposed': '17,429',
'personally_identifiable_information': 'Potential',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive customer data'},
'date_publicly_disclosed': '2023-08',
'description': 'In August, Anywhere Real Estate disclosed a data breach '
'affecting 17,429 customers, following an attack by the Clop '
'ransomware gang. The cybercriminals infiltrated the company’s '
'Oracle E-Business Suite environment, accessing and '
'potentially exfiltrating sensitive customer data. A breach '
'notification filed with the Maine Attorney General’s Office '
'confirmed the incident, though details on the exact nature of '
'the compromised information remain limited.',
'impact': {'data_compromised': 'Sensitive customer data',
'identity_theft_risk': 'Potential',
'systems_affected': 'Oracle E-Business Suite'},
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Potential', 'ransomware_strain': 'Clop'},
'references': [{'source': 'Maine Attorney General’s Office'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
'General’s Office'},
'response': {'communication_strategy': 'Notified impacted individuals via '
'breach notification'},
'threat_actor': 'Clop ransomware gang',
'title': 'Anywhere Real Estate Hit by Clop Ransomware Attack, Exposing 17,429 '
'Customers',
'type': 'Ransomware',
'vulnerability_exploited': 'Oracle E-Business Suite'}