RE/MAX has fallen victim to a significant cyberattack, resulting in the exposure of customer data. In a series of emails, the hacker threatens to extort the company, prompting a response from CEO Adrian Goslett, who outlines the company's actions and reassures franchisees.
Image: File image.
Popular real estate company, RE/MAX fell victim to a cyberattack which resulted in customer data being exposed to the hackers.
In emails seen by Business Report, the hacker sent the following message to company in an attempt to extort the real estate company for money.
The hacker wrote in an email, "Hai , Good morning Yes we have your complete database the total 291GB , Please let us know your offer, also The S3 bucket data is also with us only your deal files and all other whatever was deleted we have complete backup of those , if you want proof we can share you . And Please let us know your offer! Your Friendly Hacker Pal!"
Furthermore, in an email sent to RE/MAX franchisee owners by Adrian Goslett CEO and Regional Director RE/MAX Southern Africa, following the data breach, confirming the incident, he said, "Dear Franchisee,RE/MAX has been the victim of a cyberattack that was executed through our public‑facing website. As confirmed by our technical team, the intrusion involved a brute‑force attack followed by SQL injection, which allowed the threat actors to access certain internal systems and extract information."
The company then acted swiftly, releasing a statement informing the public about the data breach.
RE/MAX confirmed that there was a recent information security incident that may have affected personal information stored on our systems.
"On 5 March 2026, RE/MAX detected unauthorised access to certain internal systems by a third party that identifies themselves as "Team Cyber Strike". The breach was detected shortly after it occurred, and our technology teams acted swiftly to contain the situation. Systems have since been restored, and full operations have resumed," RE/MAX said in a statement.
"We can confirm that we rejected a blackmail attempt by refusing to negotiate with criminals. This stance reflects the longstanding corporate values of RE/MAX and its commitment to acting with integrity, even under pressure. Cyber threats are becoming increasingly sophisticated and widespread across all industries, and organisations of every size are being targeted. As such, this incident should not be viewed as a reflection of our cyber resilience. RE/MAX remains committed to continuously improving its defences and enhancing its security posture," the real estate company further stated.
RE/MAX said that internal technical assessments indicated that the attackers used a bruteforce method followed by SQL injection to access database information and disrupt operations by deleting certain tables.
The company said that was this was discovered, it took immediate action by engaging external forensic specialists and legal counsel. It also conducted a forensic analysis of AWS activity logs and affected systems.
RE/MAX said it then Initiated device-level forensic imaging for developers and IT personnel with access to S3 credentials. They then stabilised their systems and restored affected databases and artefacts from backups. It went on to reviewing and strengthening access controls.
They then took steps to rotate passwords and keys and then notified the relevant regulatory authorities in accordance with legislative requirements
"No data has been lost as a result of this event and we have successfully recovered the encrypted server," RE/MAX stated.
The company said that preliminary forensic findings indicated that certain documents stored within the affected environment may have been accessed.
"This includes certain types of personal information pertaining to some (but not all) clients and RE/MAX affiliates, including unique identifiers such as: identifying number, e-mail address, physical address, telephone number, age, etc. Transactional related data (such as, documents, OTPs, commission, etc.) A detailed data impact assessment is under way to confirm the exact categories of personal information involved," RE/MAX said.
"We are committed to learning from this incident and continuously improving our security practices to protect your information," RE/MAX added.
The company also shared what customers can do to take action if they have been affected by the cyberattack.
"Based on current findings, the possible consequences might include identity theft, fraud, loss of reputation and loss of confidentiality of personal data protected by professional secrecy. As precautionary measures, we recommend that you are vigilant to any suspicious communications or unusual activities," RE/MAX said.
"We encourage you to safeguard your personal information by following these global best practice security measures. Do not disclose personal information such as passwords and PINs when asked to do so by anyone via email, phone, text messages or fax. Verify all requests for personal information and only disclose it when there is a legitimate reason to do so. Be cautious when sharing your ID, address, or banking information, especially in digital formats or with unfamiliar contacts," RE/MAX said.
Carefully consider emails which contain embedded hyperlinks or unexpected attachments. Avoid clicking on links or downloading attachments from suspicious emails.
Change your passwords regularly, using lengthy passwords with complexity, and never share these with anyone else. Use a password manager to create and store strong, unique passwords for each account.
Enable two-factor authentication (2FA) for all online accounts, especially those related to financial services.
Perform regular anti-virus and malware scans on computers, tablets and mobile devices, using software that is up to date.
If you are located in South Africa, you may apply for Protective Registration with the Southern African Fraud Prevention Service (SAFPS). This is a free service designed to help protect individuals whose personal information may be at risk.
Follow Business Report on Facebook, X and on LinkedIn for the latest Business and tech news.