Angry tenants and residents of Clarion Housing Group got together at a SHAC meeting on Wednesday 13th July to agree a plan of action in protest at the ongoing systems outage at their landlord. For details, see Clarion Closes Down.
Europe’s largest housing association is approaching the one-month anniversary of a cyber attack for which the landlord appears to have been totally unprepared and without an adequate contingency plan.
The already hard-to-reach landlord became even more difficult to contact from Friday 17th June. Email and telephone systems remain out of action a month later.
If you are a Clarion tenant or resident, please see our guidance on staying safe from cyber threats following a possible data breach of tenant and resident information, and how to respond if you spot unusual activity in your bank account.
Informed by Facebook, Not Clarion
The first issue to concern Clarion members has been the patchiness of communication. Lisa*, a tenant on a Norfolk estate of around 80 homes, explained:
I only found out about the cyber attack three weeks after it occurred when my neighbour spotted something about it on Facebook!Lisa, Norfolk Tenant
Lisa and her neighbour called on homes across the estate to let people know. None of the tenants they spoke to had received any communication from Clarion.
The second issue raised with SHAC was the implausibility of the delay and inconsistent accounts of the cyber attack’s impact. Dennis* reported:
We are being told that they can’t access their electronic systems, but somehow they’ve been able to get our email addresses.
We’ve all received an email about paying rents, which we’re told to keep paying even though we can’t always tell if the money got through.
We’re told they can send us emails, but there’s no point answering because they can’t be sure our emails will be seen.
It doesn’t add up. I’ve never heard of a problem that only affects inboxes, not outboxes, and carries on for four weeks”Dennis, Clarion tenant
Tenants, including those on shared ownership contracts, were told in some cases to redirect their payments to an account with a reference number consisting entirely of zeros.
(Left) A message from Clarion received by some tenants which tells them to “keep your rent money aside … so that you can make a payment once the system is back up and running”. (Right) a contradictory email from Clarion asking tenants and shared owners to redirect rent payments into a ‘highly unusual’ bank account.
It looked so suspicious that some online banking apps would not accept the change. Tenants and residents had to call their banks to switch.
Others were told to set their rent aside.
Many tenants and residents have experienced a significant jump in spam and phishing activity, which started shortly after the cyber attack (see advice on phishing activity below).
Clarion has not yet confirmed to tenants and residents that a breach of their data has occurred, although we understand that the organisation has self-reported to the Information Commissioner’s Office.
Barry* testified on the increase in spam, saying “Since the 28th June, I’ve had 31 phishing emails and texts to my phone. Before then, I’d maybe get one or two a month, if that”.
Ellen* reported receiving a demand from a finance company showing a credit card had been taken out in her name and used to its limit. When she reported the identity theft to the company, she found that a considerable amount of personal data would have been needed to set it up. Ellen concluded that such information could only have come from her landlord, Clarion.
Similar stories are being reported across a number of Clarion tenant and resident social media platforms.
SHAC@Clarion members have understandably had enough. A plan of action has been agreed by the group. If you are a Clarion tenant or resident, please join us and get involved.
* Not their real names
What is Phishing?
Phishing is a specific form of scam activity. It can pop up as an email, text alert, WhatsApp, Facebook, Twitter or other social media message. It tries to get recipients to part with information such as bank account, date of birth, account passwords, and home address. The information is then used to make unlawful payments or apply for credit cards in the recipient’s name – a type of identity theft.
People can be caught out by phishing because some communications are highly sophisticated, closely mimicking those of landlords, banks, or government departments. Tenants and residents are therefore urged to be extra vigilant. For more details, please see the Government reporting website here.
14 July 2022
If you have a WordPress account, you can keep up to date with our blogs by subscribing to our site below: