An important message from Magic Vacation Title, LLC to all of our Disney Customers:

[MAGIC VACATION TITLE]

Magic Vacation Title - Official News

We take this matter very seriously and wanted you to know what steps *** is taking regarding the email virus attack on Monday, 12/21/20

Virus Limited to One Email account - It was confirmed by third party IT Security reps that one email account was infected with a virus which started a series of spam, spoofs and malware emails to everyone that communicated with that account.

Local and Federal Agencies notified within 24 hours of containment

Third party businesses notified - such as Disney, vendors, DVC Resale Market, Google, etc.

Current Customers are in process of being notified by phone and email. Historical customers will be notified by email. Let the Customer Care rep know if you have received any emails and report the type of info contained.

Database information was NOT accessed in Cyber Attack

New procedures are already in place for current and new customers - You will be notified of these when you are contacted by our Customer Care department to sidestep spoof attempts.

RECOMMENDATIONS:

Do not open ZIP files from ***. We never send ZIP files or Archive files with passwords. Zip file attachments are labeled as such and contain the virus that infected the email account. Because this virus attack is circulating heavily in businesses and personal accounts, be vigilant about opening these only when you are expecting one from a trusted source. Being informed and careful will help end this spread, (much like Covid 19.)

Report any additional concerns or questions directly to us so that we can assist and update reports to the authorities. 407-488-1330 and dial 1 for Customer Care.

We are quite serious about urgency and broad response in this matter and if we have not yet addressed your specific concern, feel free to contact our Customer Care department and ask the question.

Sincerely,

Magic Vacation Title, LLC




This is a follow up from Magic Vacation Title, LLC


Note that only one email account was accessed in a cyber attack. Social Security info which is stored in a secure database wasn't hacked. Only the email info from one account was accessed and is now being spoofed.




We became aware on December 21, 2020 that one of our email accounts was breached. This is to notify you that if you conducted business with us recently or historically, your email info may have been compromised. You will know if it was by the numerous spam emails that may have started coming your way.



What you need to know and do:



1. There may be annoying spam to the customers that were addressed inside of that email account. Ignore those and report them as spam.

2. Do not click on any ZIP files from our company or anyone unless you trust the source. We do not send those. They may contain malware or ransomware.

3. There may be phishing emails coming as well that look like they are from us asking for money to close the transaction. Use common sense, Ignore them and do not respond.

4. Report any of these emails you may receive as spam.

5. If you receive a notice with wiring instructions, even if you think it is appropriate, call our office to verbally verify the wiring instructions. As they may attempt to "spoof" in order to get you to divert your funds to them.

6. As a precautionary measure, If you used a credit card as a deposit, you may want to keep an eye on that account for any suspicious activity although we cannot confirm if any of that info was compromised.

7. We believe the breach was only to one email account, and the Title and Escrow software was NOT compromised.



*** is notifying the appropriate authorities and publicly notifying it's customers of the affected data breach. Meanwhile, we have employed some new policies around wires to have personal contact for verification prior to sending and not relying on email info regarding sending money. We will be reaching out personally to every customer we currently have in process with further instructions.



We regret that this cyber attack may impact you and we will continue to be vigilant to protect our customers' information. Now that we have eliminated the threat to our system, our ability to conduct business safely is not compromised in any way. And we will be taking further security steps to ensure that transactions can proceed without delay.



Sincerely,



Magic Vacation Title, LLC

 

[WebmasterDoc]

FYI - Pete Werner has given permission for this important message to be posted.

 

[RoseGold]

So magical to find this out mid-transaction on a message board!

 

[Helaman]

Thanks allowing this post. I have already received five phishing emails with attachments. The email contained my actual past correspondence with Magic Vacation Title. The sender address was not Magic Vacation Title, but the sender name was.

 

[Stitchescape]

OP Thank you for posting. It’s a very worrying situation for those clients who are affected, especially if you are mid transaction/on the point of closing.

 

[chicagodisneyguy]

Might make sense to provide the official office phone number in the first post as I'm sure any scam emails might provide fake numbers that would have customers verifying the phony wiring instructions.

 

[Wakey]

Magic Vacation Title- have you approached DVC to ensure all affected buyers telephone accounts are protected, a big risk given the hackers know names, addresses, telephone numbers etc and DVC Membership numbers is that they ring up Disney and do something with the account, pretending to be a member,

This is urgent,

 

[EricLaurie]

We’ve gotten a number of the scam emails here. It’s pretty clear the person‘s email had been hacked. Good point about watching the credit card. We‘ll do that.

 

[My3kids1989]

Since it coincided with the day my final funds were received I thought nothing of it and responded asking if I needed to do anything with the emails. So of course no one responded to me. I received probably 5 or 6 emails. It looked like they were archiving the emails.

 

[Stitchescape]

My3kids1989 us too we share your concerns. Sadly all attempts to get clarity from the agent supposedly dealing with it, or the broker, have gone unanswered. Looks like we’ll have to call them later (international buyers).

ETA communication with the agent has now resumed for us.

 

[Lesserlion]

I'm not sure what the state laws in Florida are regarding compromised data, but many states have Data Breach reporting requirements - including timelines for notifying authorities and (in certain circumstances and data types) affected individuals. It may take some time for them to work with professionals and authorities before they can tell us for certain what may/may not have been exposed.

The best action is to definitely monitor your cards and/or bank accounts - probably best to take that action around this time of year anyway.

 

[Jaydee51]

the most recent email I received at 2am had my complete credit card billing address and credit card transaction information in the email chain.
This is more than spoofing.
Please, I beg you to be transparent so everyone impacted knows how severe this is and can take proper measures to mitigate the risk.
Thank you for posting.

 

[Wakey]

DVC Resale Market also need to step up here and ensure past customers are protected as well as possible.

 

[Jaydee51]

I'm not sure what the state laws in Florida are regarding compromised data, but many states have Data Breach reporting requirements - including timelines for notifying authorities and (in certain circumstances and data types) affected individuals. It may take some time for them to work with professionals and authorities before they can tell us for certain what may/may not have been exposed.

The best action is to definitely monitor your cards and/or bank accounts - probably best to take that action around this time of year anyway.

Regardless of legal requirements, the ethically correct thing to do is for the company to communicate the breach immediately and transparently (not downplay it). At minimum they should contact clients in the order of all open transactions (yes of course they know who those customers are), and work backwards. Every client in the past year (at minimum) should be contacted immediately.
Not everyone is on a board, so although this post is a great first step, it's not the only thing they can do proactively.
If they know how to contact folks when then need a contract signed, credit card information or a wire transfer, they can certainly send a proactive email warning.
The handling of this situation could determine if this company can stay in the DVC business going forward so they should take this very serious and do right by the folks that trust them with their financial information and their lifetime of vacation travel - which many consider to be very sacred - I know I do.

 

[WestCoastDVC]

I'm going a step further and just submitted to replace my credit card. It is rare that I send the entire number and security code over e-mail and this is definitely concerning. Glad I saw the post on this forum by chance, and I agree customers should get a direct notification.

 

[Sandisw]

The only piece I want to add is that we do need to remember that there are still several companies who have employees working from home and have reduced staff, especially this week.

I do agree that notification to those impacted or potentially needed to happen, I also think people need to realize that it does take time,

It’s possible that this was posted here by someone who was one of the first ones they were able to get to, and were in process of working through the list,

Once it was out there, I bet they got a ton of calls and dealt with those. I am not trying to make light or excuse lack of communication...but I am also sure they tried hard to get to people ASAP and since the issue was emails...one of the quickest ways to get to people, that was no longer an option.

At this point, I hope they have reached out to all and those of you who may have been impacted, have been able to take care of your situation to ensure all is safe,

This situation is one of the reasons why DH and I pay to have a credit monitoring company, just as an extra layer.

 

[ScubaCat]

the most recent email I received at 2am had my complete credit card billing address and credit card transaction information in the email chain.
This is more than spoofing.
Please, I beg you to be transparent so everyone impacted knows how severe this is and can take proper measures to mitigate the risk.
Thank you for posting.

Agent(s) probably stored confidential data on their own PC and then got hacked by a phishing scam. That's likely what happened. I make my living in network security and compliance and I see this all the time. People think it'll never happen to them because they're "careful". Even within a company that specifically deals in this area, people just lazily skirt the rules.

 

[RanDIZ]

I’ve yet to hear from my broker or this title company after reaching out to both. My contract was sent to ROFR Dec 16th. I shut my card off which I made both aware of so as of now they don’t have my deposit and seem to not care either.

 

[Corgi]

I just received an email from them today. My purchase was years ago and my cards and account have changed since then, so I'm okay. Hope the rest of you don't have any issues from this.

 

[cm8]

Does anyone know how far back this reaches? I used them to close on my resale back in 2012? Should I be concerned?