Clarion residents feel ‘ignored, trapped and anxious’ following major cyberattack

One shared owner said he fears that the sale of his home is going to fall through because of the cyberattack. 

Mark Timmington said that Clarion has not yet sent him a management pack – which is needed for the sale – and that the interested buyer is growing impatient with the delay, saying they cannot wait indefinitely. 

Mr Timmington ordered the management pack at the end of May, but the person who was supposed to be dealing with his case was not working at the time, and now he has been told that no one could access her emails because of the cyberattack and that he would have to send all the details again.

Mr Timmington has been told it is unclear when he can expect the management pack amid the cyberattack. 

“You feel completely ignored and trapped. If the buyer pulls out, it will be a completely new process. And will it happen again? How long will it take? How long does it take a cyberattack to get solved?” he said. 

“For them to become almost completely redundant when the sale was about to go through is quite scary.”

Some tenants who pay their rent via direct debit have had no money come out since 22 June, but are too anxious to pay any other way given the circumstances.

Clarion apologised “for any confusion or inconvenience” the failure of direct debits is causing, adding that it has contacted those tenants by letter or email to “provide alternative options for paying rent and service charges”.

Others are seeing that they are in rent arrears on their accounts, despite having transferred money to Clarion. Many have taken to social media to raise concerns with the housing association about the issue.

Clarion said it was sorry that online balances are not updating correctly. 

“We understand this will be a source of frustration for some,” a spokesperson said, adding that the payments are being received though the “safe and secure channels we have provided, and we are able to monitor receipts into our bank account”.

Residents have said that the communication about the incident from Clarion has been poor, with some saying they received no information at all. 

One tenant, who did not wish to be named, said that the only time she heard from Clarion about the incident was when it asked her to pay rent into an account she did not recognise. 

She had previously seen a post by Clarion on Facebook – since removed but seen by Inside Housing – which stated that Clarion “would never ask you to pay money into another account”.

She said she is not comfortable paying into the account given the previous advice and the cyberattack. 

“I’ve been in this house 18 years and I’ve never missed one rent payment. I’m worried in case I get blacklisted,” she said.

Clarion acknowledged that the account number for the payment “looks unusual but reassured that it is correct” and that the account has not changed. 

The resident, along with a number of others Inside Housing spoke to, said they had seen a significant uptick in spam since the cyberattack.

At the end of July, the landlord said that there was no indication that residents’ passwords were compromised, but that it is still investigating.

It said: “The main repository in which personal data is stored is our customer relationship management system (CRM system) and this was not accessed.

“We are still investigating the extent to which data stored elsewhere may have been impacted.”

A Clarion spokesperson said: “We apologise to our residents for the continued disruption to our services, which is the direct result of a cyber security incident. 

“We are working urgently with our cyber security partner and other experts to restore our systems. To do this in a safe and secure way takes time, but we are working hard to minimise disruption as far as possible. 

“Our emergency repairs service is unaffected and residents are also able to book repairs relating to lifts, door entry systems and fire safety systems through our live chat system.”