We use cookies on this website.

By clicking "Accept," you agree to the storage of cookies on your device to improve your browsing experience, analyze site usage, and contribute to our marketing efforts. See our privacy policy for more information.

A Series of Real Estate Data Breaches: Why the Industry Is Being Targeted, and What SMEs Need to Know

In just a few weeks, several French real estate networks have had their databases compromised by the same cybercriminals, including IAD Group in early July. These files are being used to carry out highly targeted scams. Here’s why the industry is being targeted and what steps you can take to protect your small business—even if you’re not in the real estate industry.

A Series of Real Estate Data Breaches: Why the Industry Is Being Targeted, and What SMEs Need to Know

In summary. Since mid-June 2026, the same cybercriminal group has claimed responsibility for data breaches at several major French real estate networks, including IAD Group in early July. For an SME, the danger isn’t so much appearing in these files as it is receiving highly credible fraudulent messages based on real customer data.

What Happened

The French real estate sector has been hit by a series of data leaks over the past several weeks. On July 2, 2026, a claim targeted IAD Group, a proptech company that operates a large network of independent advisors. The perpetrators, known by the pseudonyms ChimeraZ and misere, put up for sale a database of approximately 14.3 GB containing information on nearly 3.8 million people, along with a 966 GB archive of PDF documents (power of attorney forms, contracts, and identification documents). The information was identified by the Cyberattaque.org observatory and reported by FrenchBreaches.

This is not an isolated incident. In late June, similar claims were made against Digit RE Group (3.4 million profiles), Century 21, and several CRM providers and agencies. The perpetrators claim to have extracted tens of millions of data records from the sector between June 8 and 30 through more than 25 leaks. These figures remain unofficial claims, but the pattern of repeated leaks is very real. We detailed one of these cases in our analysis of the Digit RE Group data breach.

Why Real Estate Is So Coveted

Real estate databases are valuable for one simple reason: they bring together a person’s identity, history, and plans all in one place. A lead database contains more than just a name and an email address. It often indicates who is looking to buy or sell, in which area, with what budget, at what stage of the process, and which advisor is handling the case.

Add to that the power of attorney documents—which include property addresses, identification documents, and sale prices—and you have everything you need to orchestrate a tailor-made scam. A scammer who knows a person’s actual records can impersonate their notary or real estate agent at the exact moment a transaction is taking place, then request a wire transfer or a change to the IBAN. That’s where the risk extends to small and medium-sized businesses.

Does this apply to me, even if I'm not in the real estate business?

Yes, in two ways. Your executives and employees may be listed in these databases in their personal capacity if they have ever submitted a request on a real estate portal or signed a listing agreement. The data described goes far beyond simple contact information, which makes a fake message seem convincing.

Above all, these data breaches fuel wire transfer fraud, which targets all businesses. An accounting department remains a natural target for a fake payment request based on a real context. An SME doesn’t need to be a client of a real estate network to receive a well-crafted fraudulent email as well.

What to Do Now

1. Always use two channels for any financial transaction. A request for a wire transfer, bank account information, or a change to your bank details should be verified through a channel you already know—a number you dial yourself, never the one provided in the message. This simple precaution alone can prevent most wire transfer fraud.

2. Alert your teams to the current wave of scams. A brief internal message is enough to warn them about emails that mention a property, a listing, a showing, or a signature. A team that’s been warned is much less likely to click on such links.

3. Check for reused passwords and enable two-factor authentication. If work email addresses appear in this type of data breach, a reused password could grant access to your business tools. Two-factor authentication for email and sensitive accounts remains the best protection. We can review this with you, for example as part of a managed services agreement.

Not sure about your exposure?

Get an update from an IT Systems expert

A quick assessment of your exposure and the steps you should take. No obligation.

Request an exchange

In a nutshell

The series of data breaches affecting the French real estate sector confirms that industry databases rich in identity and heritage data have become prime targets. For an SME, the real challenge lies in the coming weeks, with attempts at wire transfer fraud and targeted phishing. With a two-channel payment system, a well-informed team, and two-factor authentication in place, you can mitigate most of the risk.

Samir Amara, CEO — IT Systèmes

Frequently asked questions

My small business isn't in real estate—does this really affect me? Yes, indirectly. Your employees may be listed in these databases in their personal capacity, and, more importantly, this data is used to carry out wire transfer fraud that could target your accounting department.

Have these data breaches been confirmed? These are claims made by cybercriminals. The exact volumes and the source of the data breaches have yet to be confirmed, but vigilance is warranted at this time.

What is the first precaution to communicate internally? Never approve a wire transfer or an IBAN change without calling the person back using a known number. This is the simplest and most effective measure.

Our latest articles

See more
software
Development & automation

"I'm afraid to install software"

In 1996, I took my first steps in computing on an Excel spreadsheet where I filed cheat codes for my favorite video games. 🕹️Le the beginning of a passion for office tools (to each his own 😅 ). There were 3,000 machines connected to the internet! 😶 But what happened next?
July 3, 2026
fishing
Cybersecurity

Phishing 2026: Definition, Examples, and Protection for Small and Medium-Sized Businesses (Comprehensive Guide)

Spear phishing, BEC, voice deepfakes: why training alone isn’t enough, the true cost of an incident (€275,000), and the security measures that will work in 2026
June 26, 2026
backup-vs-retention
Cloud & infrastructure

Comparing backup VS retention

Backup VS retention: here's the match everyone's been waiting for!!!! 🥊 (okai not at all but I needed a catchy title..🤫)
July 3, 2026