The Calabasas-based company said in an 8-K filing last week that it doesn’t appear any data had been compromised but it did not say whether it paid ransom. It said the company quickly brought in cybersecurity professionals to address the attack on its information technology systems without upending day-to-day activities.
“(Marcus & Millichap) immediately engaged cybersecurity experts to secure and restore all systems and was able to do so with no material disruption to its business,” the filing said.
While the investigation of the attack is ongoing, Marcus & Millichap said that there is no evidence to suggest that anything, including clientele data, was compromised.
“The company continues to work with its external cybersecurity experts to assess and enhance the security of company systems and personal information,” Marcus & Millichap said in the filing, adding that the company carries cyber insurance which it expects “will cover the majority of costs related to this incident.”
According to tech media outlet SearchSecurity, a malware sample that its sister site analyzed appeared to include a ransom note from ransomware gang BlackMatter that targeted a domain name appearing to belong to Marcus & Millichap.
In response to the tech site’s query if the breach was a BlackMatter attack and whether a ransom was paid, a Marcus & Millichap spokesperson said in a statement: “Marcus & Millichap’s 8-K filing stands on its own and best provides the context of what occurred and how we responded to a cyberattack. In keeping with our tradition of placing the highest priority on corporate systems, client service and agent and originator support, we immediately deployed all necessary resources to respond to the incident. As mentioned in the filing, we were able to restore all essential systems and at present there is no interruption to our business.”